[snap] chromium generates a lot of Apparmor noise
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
snapd (Ubuntu) |
Fix Released
|
Undecided
|
Jamie Strandboge |
Bug Description
Running Chromium's snap result in a lot of Apparmor noise like this:
audit: type=1400 audit(0): apparmor="DENIED" operation="open" profile=
audit: type=1400 audit(0): apparmor="DENIED" operation="open" profile=
The above and the attached log was collected with:
journalctl -o cat -k | grep -F ' apparmor="DENIED" ' | grep -F snap.chromium.
Additional information:
$ snap info chromium
name: chromium
summary: Chromium web browser, open-source version of Chrome
publisher: Canonical✓
contact: https:/
license: unset
description: |
An open-source browser project that aims to build a safer, faster, and more stable way for all
Internet users to experience the web.
commands:
- chromium.
- chromium
snap-id: XKEcBqPM06H1Z7z
tracking: edge
refresh-date: 11 days ago, at 12:08 EDT
channels:
stable: 74.0.3729.131 2019-05-02 (705) 162MB -
candidate: 74.0.3729.131 2019-05-01 (705) 162MB -
beta: 74.0.3729.61 2019-04-06 (688) 162MB -
edge: 75.0.3770.9 2019-04-27 (703) 163MB -
installed: 75.0.3770.9 (703) 163MB -
$ snap interfaces chromium
Slot Plug
:browser-support chromium:
:camera chromium
:desktop chromium
:gsettings chromium
:home chromium
:network chromium
:network-bind chromium
:opengl chromium
:personal-files chromium:
:pulseaudio chromium
:screen-
:u2f-devices chromium
:unity7 chromium
:upower-observe chromium
:x11 chromium
gtk-common-
gtk-common-
gtk-common-
- chromium:
- chromium:
- chromium:
- chromium:
- chromium:
$ apt-cache policy snapd
snapd:
Installed: 2.38+18.04
Candidate: 2.38+18.04
Version table:
*** 2.38+18.04 500
500 http://
100 /var/lib/
2.37.4+18.04.1 500
500 http://
2.32.5+18.04 500
500 http://
$ lsb_release -rd
Description: Ubuntu 18.04.2 LTS
Release: 18.04
You can 'sudo snap connect chromium: mount-observe' for /etc/fstab. /run/mount/utab is more complicated and you can read about it here: https:/ /forum. snapcraft. io/t/namespace- awareness- of-run- mount-utab- and-libmount/ 5987
For the /run/udev/data accesses, can you paste the output of:
$ cat /run/udev/ data/b230\ :*