AppArmor & Chromium Browser
I've put all apparmor profiles in the enforce mode, including the default Chromium Browser profile. I had to make some adjustments so that Chromium was able to start up, including this one:
I'm not happy about that. If I understand correctly, that'll allow Chromium to write to oom_score_adj of every process, doesn't it? Is there a placeholder to only allow access to the proc-folder of the process itself?
Thank you very much,
If SUDO is all-powerful, can SUDO start a process that SUDO can't kill?