Results 1 to 2 of 2

Thread: apparmor profile for chromium?

  1. #1
    Join Date
    Dec 2010
    Beans
    6

    apparmor profile for chromium?

    Hello,

    I've downloaded the extra apparmor profiles using

    Code:
    sudo aptitude install apparmor-profiles
    I enabled the chromium profile and realised it doesn't work out of the box. I've glanced over the various apparmor docs and added the following rules to /etc/apparmor.d/local/usr.bin.chromium-browser in order to get chromium to work without logging problems:

    Code:
    /sys/devices/pci*/**/* r,
    /sys/devices/system/cpu/**/* r,
    /home/phatypus/.mozilla/firefox/* r,
    /usr/bin/xdg-settings ixr,
    /usr/bin/xdg-mime ixr,
    /bin/which ixr,
    /bin/readlink ixr,
    /usr/bin/cut ixr,
    /usr/bin/basename ixr,
    /usr/bin/mawk ixr,
    /usr/bin/gconftool-2 ixr,
    I wasn't too sure about my execute rules, so used the same rules as xdg-open found in /etc/apparmor.d/usr.bin.chromium-browser, which was:

    Code:
    /usr/bin/xdg-open ixr,
    Can someone confirm that my additional rules are sound?


    Thanks.


    p.s. I presume the profile shipped with apparmor-profiles doesn't work out of the box because it has lagged behind work done on chromium?

  2. #2
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: apparmor profile for chromium?

    /home/phatypus/ should be @{HOME}/

    otherwise it is up to you to decide what you wish to allow, borwsers are most difficult as use varies.

    I suggest you file a bug report on LP re: chromium profile.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •