AppArmor Java Google Chrome FireFox profile question

**WhiteHatGuy** · September 30th, 2012

Hi everyone

Today I finally was able to install last version of Java in Lubuntu

I play online poker at partypoker. For linux, I need to run the poker room from my internet browser and I need to have Java Oracle 7 installed. Now, everything works fine and I am able to login to the poker room if I dont use an apparmor profile.

But here is the thing and the catch, at party poker is always full of cheaters, could be hackers, crackers, blackhats, thiefs from all around the world, and cybercriminals. And cause their games are completely RIGGED. This is a fact, and no wonder since you are playing with real money. So this attract this kind of low life no moral values people, who are capable of stealing money from their own mother.

That been said. I need to use apparmor profiles for firefox and google chrome, and Java in order to protect my self from these crooks, bulgars and thiefs.

I am using the default Lubuntu firefox apparmor profile and I use Hungry Man Google Chrome and java apparmor profile.

The problem is that all these profiles are so restricted that my poker room wont load in any of them if I enable apparmor web browsers profiles.

The poker room needs the java plugin in order to run.

I am wondering what do I need to change in the profiles in order to make them work? What line? The profiles are Lubuntu default firefox, insanitybit hungry man Google Chrome and Java profile.

Do I have to put a W at the end to enable write at some line of code?

I am so freaking noob when it comes to create profiles.

Also Hungry Man I tried to load your Google Chrome apparmor profile at kernel with command:

cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a

But I get an error:

Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
AppArmor parser error, in stdin line 58: Found unexpected character: '�'

Code:

# Last Modified: Fri Sep 28 23:38:48 2012
#include <tunables/global>

/opt/google/chrome/chrome {
capability sys_ptrace,

network inet stream,
network inet tcp,
network inet6 stream,
network inet6 tcp,

deny /anon_hugepage//deleted r,

/bin/readlink rCx,
/bin/which rCx,
/dev/ r,
/dev/dri/card* rw,
/dev/null rw,
/dev/ptmx rw,
/dev/random r,
/dev/snd/controlC* rw,
/dev/snd/pcm* rw,
/dev/snd/timer r,
/dev/tty rw,
/dev/urandom r,
/dev/video* r,
/etc/fonts/** r,
/etc/fstab r,
/etc/gai.conf r,
/etc/group r,
/etc/host.conf r,
/etc/hosts mr,
/etc/ld.so.cache mr,
/etc/locale.alias r,
/etc/localtime r,
/etc/lsb-release r,
/etc/mtab r,
/etc/nss_mdns.conf r,
/etc/nsswitch.conf r,
/etc/opt/chrome/policies/managed/ r,
/etc/opt/chrome/policies/managed/*.json r,
/etc/opt/chrome/policies/recommended/ r,
/etc/opt/chrome/policies/recommended/*.json r,
/etc/passwd mr,
/etc/protocols r,
/etc/pulse/client.conf r,
/etc/python*/sitecustomize.py r,
/etc/resolvconf/run/resolv.conf r,
/etc/samba/lmhosts r,
/etc/services r,
/etc/udev/udev.conf r,
/home/*/.Xauthority r,
owner /home/*/.cache/dconf/user mrw,
/home/*/.config/dconf/user r,
/home/*/.config/google-chrome/ r,
owner /home/*/.config/google-chrome/*.txt rw,
owner /home/*/.config/google-chrome/.com.* rw,
owner “/home/*/.config/google-chrome/Certificate Revocation Lists” rw,
owner “/home/*/.config/google-chrome/Consent To Send Stats” rw,
/home/*/.config/google-chrome/Default/ r,
owner /home/*/.config/google-chrome/Default/* rw,
owner /home/*/.config/google-chrome/Default/*.bak rw,
owner /home/*/.config/google-chrome/Default/*.txt rw,
owner “/home/*/.config/google-chrome/Default/Application Cache/” rw,
owner “/home/*/.config/google-chrome/Default/Application Cache/Index” mrwk,
owner “/home/*/.config/google-chrome/Default/Application Cache/Index-journal” mrw,
owner “/home/*/.config/google-chrome/Default/Archived History” rwk,
owner “/home/*/.config/google-chrome/Default/Archived History-journal” rw,
owner /home/*/.config/google-chrome/Default/Bookmarks rw,
owner /home/*/.config/google-chrome/Default/Cookies rwk,
owner /home/*/.config/google-chrome/Default/Cookies-journal rw,
owner “/home/*/.config/google-chrome/Default/Current Session” rw,
owner “/home/*/.config/google-chrome/Default/Current Tabs” rw,
owner “/home/*/.config/google-chrome/Default/Extension Cookies” rwk,
owner “/home/*/.config/google-chrome/Default/Extension Cookies-journal” rw,
owner “/home/*/.config/google-chrome/Default/Extension State/” r,
owner “/home/*/.config/google-chrome/Default/Extension State/*.dbtmp” rw,
owner “/home/*/.config/google-chrome/Default/Extension State/*.log” rw,
owner “/home/*/.config/google-chrome/Default/Extension State/*.sst” rw,
owner “/home/*/.config/google-chrome/Default/Extension State/CURRENT” rw,
owner “/home/*/.config/google-chrome/Default/Extension State/LOCK” rw,
owner “/home/*/.config/google-chrome/Default/Extension State/MANIFEST-*” rw,
/home/*/.config/google-chrome/Default/Extensions/ r,
owner /home/*/.config/google-chrome/Default/Extensions/** rw,
owner /home/*/.config/google-chrome/Default/Extensions/*/*/*/*.so mrw,
owner /home/*/.config/google-chrome/Default/Favicons rwk,
owner /home/*/.config/google-chrome/Default/Favicons-journal rw,
owner “/home/*/.config/google-chrome/Default/File System/*/*/.usage” rw,
owner “/home/*/.config/google-chrome/Default/File System/Origins/LOCK” rw,
owner “/home/*/.config/google-chrome/Default/File System/Origins/MANIFEST-*” rw,
owner /home/*/.config/google-chrome/Default/History* rwk,
owner /home/*/.config/google-chrome/Default/IndexedDB/ r,
owner /home/*/.config/google-chrome/Default/IndexedDB/*.leveldb/ mrw,
owner /home/*/.config/google-chrome/Default/IndexedDB/*/LOCK rw,
owner “/home/*/.config/google-chrome/Default/Last Session” rw,
owner “/home/*/.config/google-chrome/Default/Last Tabs” rw,
owner “/home/*/.config/google-chrome/Default/Local Storage/” r,
owner “/home/*/.config/google-chrome/Default/Local Storage/*” rwk,
owner “/home/*/.config/google-chrome/Default/Login Data” rwk,
owner “/home/*/.config/google-chrome/Default/Login Data-journal” rw,
owner “/home/*/.config/google-chrome/Default/Managed Mode Settings” rw,
owner “/home/*/.config/google-chrome/Default/Network Action Predictor” rwk,
owner “/home/*/.config/google-chrome/Default/Network Action Predictor-journal” rw,
owner “/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/*” rw,
owner “/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/CacheWritableAdobeRoot/AssetCache/” r,
owner “/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/CacheWritableAdobeRoot/AssetCache/**” mrw,
“/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/#SharedObjects/” r,
“/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/#SharedObjects/**” rw,
owner “/home/*/.config/google-chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/macromedia.com/support/flashplayer/sys/**” rw,
owner /home/*/.config/google-chrome/Default/Preferences rw,
owner /home/*/.config/google-chrome/Default/QuotaManager rwk,
owner /home/*/.config/google-chrome/Default/QuotaManager-journal rw,
owner /home/*/.config/google-chrome/Default/Shortcuts rwk,
owner /home/*/.config/google-chrome/Default/Shortcuts-journal rw,
“/home/*/.config/google-chrome/Default/Sync Data/” rwk,
owner “/home/*/.config/google-chrome/Default/Sync Data/SyncData.sqlite3″ rwk,
owner “/home/*/.config/google-chrome/Default/Sync Data/SyncData.sqlite3-journal” rw,
“/home/*/.config/google-chrome/Default/Sync Extension Settings/*/” r,
owner “/home/*/.config/google-chrome/Default/Sync Extension Settings/*/*.dbtmp” rw,
owner “/home/*/.config/google-chrome/Default/Sync Extension Settings/*/*.log” rw,
owner “/home/*/.config/google-chrome/Default/Sync Extension Settings/*/*.sst” rw,
owner “/home/*/.config/google-chrome/Default/Sync Extension Settings/*/CURRENT” rw,
owner “/home/*/.config/google-chrome/Default/Sync Extension Settings/*/LOCK” rw,
owner “/home/*/.config/google-chrome/Default/Sync Extension Settings/*/MANIFEST-*” rw,
owner “/home/*/.config/google-chrome/Default/Top Sites” rwk,
owner “/home/*/.config/google-chrome/Default/Top Sites-journal” rw,
owner /home/*/.config/google-chrome/Default/TransportSecurity rw,
owner “/home/*/.config/google-chrome/Default/User StyleSheets/*.css” rw,
owner “/home/*/.config/google-chrome/Default/Visited Links” rw,
owner “/home/*/.config/google-chrome/Default/Web Data” rwk,
owner “/home/*/.config/google-chrome/Default/Web Data-journal” rw,
owner /home/*/.config/google-chrome/Default/databases/ rw,
owner /home/*/.config/google-chrome/Default/databases/*.com*/* rwk,
owner /home/*/.config/google-chrome/Default/databases/*.db rwk,
owner /home/*/.config/google-chrome/Default/databases/*.db-journal rwk,
owner /home/*/.config/google-chrome/Default/databases/chrome-extension*/* rwk,
owner /home/*/.config/google-chrome/Dictionaries/*.bdic rw,
owner “/home/*/.config/google-chrome/Local State” rw,
/home/*/.config/google-chrome/PepperFlash/ r,
owner “/home/*/.config/google-chrome/Safe Browsing Bloom” rw,
owner “/home/*/.config/google-chrome/Safe Browsing Bloom Filter 2″ rw,
owner “/home/*/.config/google-chrome/Safe Browsing Bloom_new” rw,
owner “/home/*/.config/google-chrome/Safe Browsing Cookies” rwk,
owner “/home/*/.config/google-chrome/Safe Browsing Cookies-journal” rw,
owner “/home/*/.config/google-chrome/Safe Browsing Csd Whitelist” rw,
owner “/home/*/.config/google-chrome/Safe Browsing Csd Whitelist_new” rw,
owner “/home/*/.config/google-chrome/Safe Browsing Download” rw,
owner “/home/*/.config/google-chrome/Safe Browsing Download Whitelist” rw,
owner “/home/*/.config/google-chrome/Safe Browsing Download Whitelist_new” rw,
owner “/home/*/.config/google-chrome/Safe Browsing Download_new” rw,
owner /home/*/.config/google-chrome/SingletonCookie rw,
owner /home/*/.config/google-chrome/SingletonLock rw,
owner /home/*/.config/google-chrome/SingletonSocket rw,
owner /home/*/.config/google-chrome/Temp/scoped_dir_*/CRX_INSTALL/ r,
owner /home/*/.config/google-chrome/Temp/scoped_dir_*/CRX_INSTALL/*.png rw,
owner /home/*/.config/google-chrome/Temp/scoped_dir_*/CRX_INSTALL/_locales/ rw,
/home/*/.gtk-bookmarks r,
/home/*/.java/deployment/deployment.properties rwk,
/home/*/.local/share/icons/ r,
/home/*/.local/share/icons/*/*/apps/ r,
/home/*/.local/share/mime/* mr,
/home/*/.local/share/recently-used.xbel rw,
/home/*/.local/share/recently-used.xbel.* rw,
/home/*/.pki/nssdb/cert9.db rwk,
/home/*/.pki/nssdb/key4.db rwk,
/home/*/.pki/nssdb/pkcs11.txt rw,
/home/*/.pulse-cookie rwk,
/home/*/.pulse/ r,
/home/*/.thumbnails/normal/* r,
/home/*/Downloads/ r,
/home/*/Downloads/** rw,
/home/*/Pictures/ r,
/home/*/Pictures/** rw,
/lib/x86_64-linux-gnu/ld-*.so mr,
/lib/x86_64-linux-gnu/libbz2.so.* mr,
/lib/x86_64-linux-gnu/libc-*.so mr,
/lib/x86_64-linux-gnu/libcom_err.so.* mr,
/lib/x86_64-linux-gnu/libdbus-*.so.* mr,
/lib/x86_64-linux-gnu/libdl-*.so mr,
/lib/x86_64-linux-gnu/libexpat.so.* mr,
/lib/x86_64-linux-gnu/libgcc_s.so.* mr,
/lib/x86_64-linux-gnu/libgcrypt.so.* mr,
/lib/x86_64-linux-gnu/libglib-*.so.* mr,
/lib/x86_64-linux-gnu/libgpg-error.so.* mr,
/lib/x86_64-linux-gnu/libkeyutils.so.* mr,
/lib/x86_64-linux-gnu/libm-*.so mr,
/lib/x86_64-linux-gnu/libnsl-*.so mr,
/lib/x86_64-linux-gnu/libnss_dns-*.so mr,
/lib/x86_64-linux-gnu/libnss_files-*.so mr,
/lib/x86_64-linux-gnu/libpci.so.* mr,
/lib/x86_64-linux-gnu/libpcre.so.* mr,
/lib/x86_64-linux-gnu/libpng*.so.* mr,
/lib/x86_64-linux-gnu/libpthread-*.so mr,
/lib/x86_64-linux-gnu/libresolv-*.so mr,
/lib/x86_64-linux-gnu/librt-*.so mr,
/lib/x86_64-linux-gnu/libselinux.so.* mr,
/lib/x86_64-linux-gnu/libtinfo.so.* mr,
/lib/x86_64-linux-gnu/libudev.so.* mr,
/lib/x86_64-linux-gnu/libwrap.so.* mr,
/lib/x86_64-linux-gnu/libz.so.* mr,
/opt/google/chrome/*.png r,
/opt/google/chrome/PepperFlash/libpepflashplayer.so mr,
/opt/google/chrome/chrome mrix,
/opt/google/chrome/chrome-sandbox mrPx,
/opt/google/chrome/chrome.pak r,
/opt/google/chrome/default_apps/ r,
/opt/google/chrome/default_apps/*.json rw,
/opt/google/chrome/extensions/ rw,
/opt/google/chrome/google-chrome rix,
/opt/google/chrome/libffmpegsumo.so mr,
/opt/google/chrome/libpdf.so mr,
/opt/google/chrome/libppGoogleNaClPluginChrome.so mr,
/opt/google/chrome/locales/en-US.pak r,
/opt/google/chrome/nacl_helper_bootstrap Px,
/opt/google/chrome/nacl_irt_x86_64.nexe r,
/opt/google/chrome/resources.pak r,
/opt/google/chrome/theme_resources_*_percent.pak r,
/opt/google/chrome/ui_resources_*_percent.pak r,
/proc/*/mounts r,
/run/shm/ r,
/run/shm/.com.google.Chrome.* rw,
/run/shm/pulse-shm-* rw,
/selinux/ r,
/sys/bus/pci/devices/ r,
/sys/devices/*/*/resource r,
/sys/devices/pci*/*/*/class r,
/sys/devices/pci*/*/*/device r,
/sys/devices/pci*/*/*/irq r,
/sys/devices/pci*/*/*/resource r,
/sys/devices/pci*/*/*/vendor r,
/sys/devices/pci*/*:*/class r,
/sys/devices/pci*/*:*/device r,
/sys/devices/pci*/*:*/irq r,
/sys/devices/pci*/*:*/vendor r,
/sys/devices/system/cpu/ r,
/sys/devices/system/cpu/cpu*/cpufreq/cpuinfo_*_freq r,
/sys/devices/system/cpu/online r,
/tmp/ r,
/tmp/** rw,
owner /tmp/chrome/** mrwk,
/usr/bin/dirname rCx,
/usr/bin/lsb_release rCx,
/usr/bin/xdg-open rCx,
/usr/bin/xdg-settings rCx,
/usr/include/python*/pyconfig.h r,
/usr/lib/gtk-*/*/menuproxies/libappmenu.so mr,
/usr/lib/jvm/java-*-oracle/jre/bin/java mrPx,
/usr/lib/jvm/java-*-oracle/jre/lib/** mr,
/usr/lib/libdee-*.so.* mr,
/usr/lib/libicudata.so.* mr,
/usr/lib/libicui18n.so.* mr,
/usr/lib/libicuuc.so.* mr,
/usr/lib/liboverlay-scrollbar*.so.* mr,
/usr/lib/libunity.so.* mr,
/usr/lib/locale/** mr,
/usr/lib/mozilla/plugins/ r,
/usr/lib/x86_64-linux-gnu/*/*/*modules/*.so mr,
/usr/lib/x86_64-linux-gnu/alsa-lib/libasound_module_conf_pulse.so mr,
/usr/lib/x86_64-linux-gnu/alsa-lib/libasound_module_pcm_pulse.so mr,
/usr/lib/x86_64-linux-gnu/alsa-lib/libasound_module_rate_speexrate.so mr,
/usr/lib/x86_64-linux-gnu/dri/libdricore.so mr,
/usr/lib/x86_64-linux-gnu/dri/libgallium.so mr,
/usr/lib/x86_64-linux-gnu/dri/libglsl.so mr,
/usr/lib/x86_64-linux-gnu/dri/r*_dri.so mr,
/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so mr,
/usr/lib/x86_64-linux-gnu/gconv/gconv-modules mr,
/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache mr,
/usr/lib/x86_64-linux-gnu/gdk-pixbuf-*/*/loaders.cache mr,
/usr/lib/x86_64-linux-gnu/gdk-pixbuf-*/*/loaders/libpixbufloader-png.so mr,
/usr/lib/x86_64-linux-gnu/gdk-pixbuf-*/*/loaders/libpixbufloader-svg.so mr,
/usr/lib/x86_64-linux-gnu/gio/modules/ r,
/usr/lib/x86_64-linux-gnu/gio/modules/giomodule.cache mr,
/usr/lib/x86_64-linux-gnu/gio/modules/libdconfsettings.so mr,
/usr/lib/x86_64-linux-gnu/gio/modules/libgiognutls.so mr,
/usr/lib/x86_64-linux-gnu/gio/modules/libgiolibproxy.so mr,
/usr/lib/x86_64-linux-gnu/gio/modules/libgioremote-volume-monitor.so mr,
/usr/lib/x86_64-linux-gnu/gio/modules/libgvfsdbus.so mr,
/usr/lib/x86_64-linux-gnu/gtk-*/*/engines/libmurrine.so mr,
/usr/lib/x86_64-linux-gnu/gtk-*/*/gtk.immodules mr,
/usr/lib/x86_64-linux-gnu/gtk-*/modules/libcanberra-gtk-module.so mr,
/usr/lib/x86_64-linux-gnu/gtk-2.0/2.10.0/printbackends/libprintbackend-cups.so mr,
/usr/lib/x86_64-linux-gnu/gtk-2.0/2.10.0/printbackends/libprintbackend-file.so mr,
/usr/lib/x86_64-linux-gnu/gvfs/libgvfscommon.so mr,
/usr/lib/x86_64-linux-gnu/libFLAC.so.* mr,
/usr/lib/x86_64-linux-gnu/libLLVM-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libX11-xcb.so.* mr,
/usr/lib/x86_64-linux-gnu/libX11.so.* mr,
/usr/lib/x86_64-linux-gnu/libXau.so.* mr,
/usr/lib/x86_64-linux-gnu/libXcomposite.so.* mr,
/usr/lib/x86_64-linux-gnu/libXcursor.so.* mr,
/usr/lib/x86_64-linux-gnu/libXdamage.so.* mr,
/usr/lib/x86_64-linux-gnu/libXdmcp.so.* mr,
/usr/lib/x86_64-linux-gnu/libXext.so.* mr,
/usr/lib/x86_64-linux-gnu/libXfixes.so.* mr,
/usr/lib/x86_64-linux-gnu/libXi.so.* mr,
/usr/lib/x86_64-linux-gnu/libXinerama.so.* mr,
/usr/lib/x86_64-linux-gnu/libXrandr.so.* mr,
/usr/lib/x86_64-linux-gnu/libXrender.so.* mr,
/usr/lib/x86_64-linux-gnu/libXss.so.* mr,
/usr/lib/x86_64-linux-gnu/libXxf86vm.so.* mr,
/usr/lib/x86_64-linux-gnu/libasound.so.* mr,
/usr/lib/x86_64-linux-gnu/libasyncns.so.* mr,
/usr/lib/x86_64-linux-gnu/libatk-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libavahi-client.so.* mr,
/usr/lib/x86_64-linux-gnu/libavahi-common.so.* mr,
/usr/lib/x86_64-linux-gnu/libcairo.so.* mr,
/usr/lib/x86_64-linux-gnu/libcanberra-*/libcanberra-alsa.so r,
/usr/lib/x86_64-linux-gnu/libcanberra-*/libcanberra-pulse.so r,
/usr/lib/x86_64-linux-gnu/libcanberra-gtk.so.* mr,
/usr/lib/x86_64-linux-gnu/libcanberra.so.* mr,
/usr/lib/x86_64-linux-gnu/libcroco-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libcups.so.* mr,
/usr/lib/x86_64-linux-gnu/libdbus-glib-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libdbusmenu-glib.so.* mr,
/usr/lib/x86_64-linux-gnu/libdbusmenu-gtk.so.* mr,
/usr/lib/x86_64-linux-gnu/libdrm.so.* mr,
/usr/lib/x86_64-linux-gnu/libffi.so.* mr,
/usr/lib/x86_64-linux-gnu/libfontconfig.so.* mr,
/usr/lib/x86_64-linux-gnu/libfreetype.so.* mr,
/usr/lib/x86_64-linux-gnu/libgconf-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libgdk-x11-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libgdk_pixbuf-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libgee.so.* mr,
/usr/lib/x86_64-linux-gnu/libgio-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libglapi.so.* mr,
/usr/lib/x86_64-linux-gnu/libgmodule-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libgnome-keyring.so.* mr,
/usr/lib/x86_64-linux-gnu/libgnutls.so.* mr,
/usr/lib/x86_64-linux-gnu/libgobject-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libgssapi_krb*.so.* mr,
/usr/lib/x86_64-linux-gnu/libgthread-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libgtk-x*-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libibus-*.*.so.* mr,
/usr/lib/x86_64-linux-gnu/libjson.so.* mr,
/usr/lib/x86_64-linux-gnu/libk5crypto.so.* mr,
/usr/lib/x86_64-linux-gnu/libkrb5.so.* mr,
/usr/lib/x86_64-linux-gnu/libkrb5support.so.* mr,
/usr/lib/x86_64-linux-gnu/libltdl.so.* mr,
/usr/lib/x86_64-linux-gnu/libnspr*.so mr,
/usr/lib/x86_64-linux-gnu/libnss*.so mr,
/usr/lib/x86_64-linux-gnu/libogg.so.* mr,
/usr/lib/x86_64-linux-gnu/libp*-kit.so.* mr,
/usr/lib/x86_64-linux-gnu/libpango-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libpangocairo-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libpangoft*-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libpixman-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libplc*.so mr,
/usr/lib/x86_64-linux-gnu/libplds*.so mr,
/usr/lib/x86_64-linux-gnu/libpulse.so.* mr,
/usr/lib/x86_64-linux-gnu/libpulsecommon-*.so mr,
/usr/lib/x86_64-linux-gnu/librsvg-2.*o.* mr,
/usr/lib/x86_64-linux-gnu/libsmime*.so mr,
/usr/lib/x86_64-linux-gnu/libsndfile.so.* mr,
/usr/lib/x86_64-linux-gnu/libspeexdsp.so.* mr,
/usr/lib/x86_64-linux-gnu/libsqlite*.so.* mr,
/usr/lib/x86_64-linux-gnu/libstdc*.so.* mr,
/usr/lib/x86_64-linux-gnu/libtasn1.so.* mr,
/usr/lib/x86_64-linux-gnu/libtdb.so.* mr,
/usr/lib/x86_64-linux-gnu/libvorbis.so.* mr,
/usr/lib/x86_64-linux-gnu/libvorbisenc.so.* mr,
/usr/lib/x86_64-linux-gnu/libvorbisfile.so.* mr,
/usr/lib/x86_64-linux-gnu/libxcb-glx.so.* mr,
/usr/lib/x86_64-linux-gnu/libxcb-render.so.* mr,
/usr/lib/x86_64-linux-gnu/libxcb-shm.so.* mr,
/usr/lib/x86_64-linux-gnu/libxcb.so.* mr,
/usr/lib/x86_64-linux-gnu/libxml2.so.* mr,
/usr/lib/x86_64-linux-gnu/mesa/libGL.so.* mr,
/usr/lib/x86_64-linux-gnu/nss/libfreebl*.so mr,
/usr/lib/x86_64-linux-gnu/nss/libnssckbi.so mr,
/usr/lib/x86_64-linux-gnu/nss/libsoftokn*.so mr,
/usr/lib/x86_64-linux-gnu/pango/*/module-files.d/ r,
/usr/lib/x86_64-linux-gnu/pango/*/module-files.d/libpango*.*.modules mr,
/usr/local/lib/python*/dist-packages/ r,
/usr/local/share/icons/ r,
/usr/local/share/icons/hicolor/*/apps/ r,
/usr/local/share/icons/hicolor/*/apps/*chrome.png r,
/usr/local/share/icons/hicolor/scalable/apps/ r,
/usr/share/** r,
/var/cache/*/*.cache-* mr,
/var/cache/nscd/group r,
/var/cache/nscd/passwd r,
/var/lib/dbus/machine-id r,
/var/tmp/ r,
owner /var/tmp/** w,
/var/tmp/** r,
/{,var/}run/.nscd_socket rw,
/{,var/}run/mdnsd rw,
/{,var/}run/nscd/socket rw,
/{,var/}run/resolvconf/resolv.conf r,
/{,var/}run/utmp r,
owner @{HOME}/.cache/** mrw,
owner @{HOME}/.config/** mrw,
@{PROC}/ r,
@{PROC}/*/auxv r,
@{PROC}/*/coredump_filter rw,
@{PROC}/*/maps r,
@{PROC}/[0-9]*/cmdline r,
@{PROC}/[0-9]*/fd/ r,
@{PROC}/[0-9]*/io r,
@{PROC}/[0-9]*/oom_score_adj w,
@{PROC}/[0-9]*/stat r,
@{PROC}/[0-9]*/statm r,
@{PROC}/[0-9]*/status r,
@{PROC}/[0-9]*/task/ r,
@{PROC}/[0-9]*/task/*/stat r,
@{PROC}/cpuinfo r,
@{PROC}/filesystems r,
@{PROC}/meminfo r,
@{PROC}/sys/kernel/shmmax r,
profile /bin/mkdir {

/bin/mkdir r,
/etc/ld.so.cache r,
/lib/x86_64-linux-gnu/ld*.so mr,
/lib/x86_64-linux-gnu/libc*.so mr,
/lib/x86_64-linux-gnu/libdl*.so mr,
/lib/x86_64-linux-gnu/libselinux.so* mr,
/proc/filesystems r,
/usr/lib/locale/locale-archive r,

}

profile /bin/readlink {

/bin/readlink r,
/etc/ld.so.cache r,
/lib/x86_64-linux-gnu/ld*.so mr,
/lib/x86_64-linux-gnu/libc-*.so mr,
/usr/lib/locale/locale-archive r,

}

profile /bin/which {

/bin/dash r,
/bin/which r,
/dev/null rw,
/etc/ld.so.cache r,
/lib/x86_64-linux-gnu/ld-*.so mr,
/lib/x86_64-linux-gnu/libc-*.so mr,

}

profile /usr/bin/dirname {

/etc/ld.so.cache r,
/lib/x86_64-linux-gnu/ld-*.so mr,
/lib/x86_64-linux-gnu/libc-*.so mr,
/usr/bin/dirname r,
/usr/lib/locale/locale-archive r,

}

profile /usr/bin/lsb_release {
/dev/null rw,
/etc/ld.so.cache mr,
/lib/x86_64-linux-gnu/ld-*.so mr,
/lib/x86_64-linux-gnu/libc-*.so mr,
/lib/x86_64-linux-gnu/libcrypto.so.* mr,
/lib/x86_64-linux-gnu/libdl-*.so mr,
/lib/x86_64-linux-gnu/libgcc_s.so.* mr,
/lib/x86_64-linux-gnu/libm-*.so mr,
/lib/x86_64-linux-gnu/libpthread-*.so mr,
/lib/x86_64-linux-gnu/libssl.so.* mr,
/lib/x86_64-linux-gnu/libutil-*.so mr,
/lib/x86_64-linux-gnu/libz.so.* mr,
/proc/meminfo r,
/usr/bin/python* r,
/usr/include/python2.7/pyconfig.h r,
/usr/lib/python*/UserDict.py r,
/usr/lib/python*/UserDict.pyc r,
/usr/lib/python*/_abcoll.py r,
/usr/lib/python*/_abcoll.pyc r,
/usr/lib/python*/abc.py r,
/usr/lib/python*/abc.pyc r,
/usr/lib/python*/genericpath.py r,
/usr/lib/python*/genericpath.pyc r,
/usr/lib/python*/linecache.py r,
/usr/lib/python*/linecache.pyc r,
/usr/lib/python*/os.py r,
/usr/lib/python*/os.pyc r,
/usr/lib/python*/posixpath.py r,
/usr/lib/python*/posixpath.pyc r,
/usr/lib/python*/site.py r,
/usr/lib/python*/site.pyc r,
/usr/lib/python*/stat.py r,
/usr/lib/python*/stat.pyc r,
/usr/lib/python*/types.py r,
/usr/lib/python*/types.pyc r,
/usr/lib/python*/warnings.py r,
/usr/lib/python*/warnings.pyc r,
/usr/lib/python2.7/_weakrefset.py r,
/usr/lib/python2.7/_weakrefset.pyc r,
/usr/lib/python2.7/config/Makefile r,
/usr/lib/python2.7/copy_reg.py r,
/usr/lib/python2.7/copy_reg.pyc r,
/usr/lib/python2.7/re.py r,
/usr/lib/python2.7/re.pyc r,
/usr/lib/python2.7/sre_compile.py r,
/usr/lib/python2.7/sre_compile.pyc r,
/usr/lib/python2.7/sre_constants.py r,
/usr/lib/python2.7/sre_constants.pyc r,
/usr/lib/python2.7/sre_parse.py r,
/usr/lib/python2.7/sre_parse.pyc r,
/usr/lib/python2.7/sysconfig.py r,
/usr/lib/python2.7/sysconfig.pyc r,
/usr/lib/python2.7/traceback.py r,
/usr/lib/python2.7/traceback.pyc r,

}

profile /usr/bin/xdg-open {

/bin/dash r,
/etc/ld.so.cache mr,
/lib/x86_64-linux-gnu/ld-*.so mr,
/lib/x86_64-linux-gnu/libc-*.so mr,

}

profile /usr/bin/xdg-settings {

/bin/dash r,
/bin/grep rix,
/bin/mkdir rix,
/bin/readlink rix,
/bin/sed rix,
/bin/touch rix,
/bin/which rix,
/dev/null rw,
/etc/gnome/defaults.list r,
/etc/ld.so.cache mr,
/etc/locale.alias r,
/home/*/.local/share/applications/ rw,
/home/*/.local/share/applications/mimeapps.list r,
/lib/x86_64-linux-gnu/ld-*.so mr,
/lib/x86_64-linux-gnu/libc-*.so mr,
/lib/x86_64-linux-gnu/libdbus-*.so.* mr,
/lib/x86_64-linux-gnu/libdl-*.so mr,
/lib/x86_64-linux-gnu/libglib-*.so.* mr,
/lib/x86_64-linux-gnu/libm-*.so mr,
/lib/x86_64-linux-gnu/libpcre.so.* mr,
/lib/x86_64-linux-gnu/libpthread-*.so mr,
/lib/x86_64-linux-gnu/libresolv-*.so mr,
/lib/x86_64-linux-gnu/librt-*.so mr,
/lib/x86_64-linux-gnu/libselinux.so.* mr,
/lib/x86_64-linux-gnu/libz.so.* mr,
/proc/*/maps r,
/proc/filesystems r,
/usr/bin/basename rix,
/usr/bin/cut rix,
/usr/bin/dirname rix,
/usr/bin/gawk rix,
/usr/bin/gconftool-2 rix,
/usr/bin/xdg-mime rix,
/usr/bin/xdg-settings r,
/usr/lib/libsigsegv.so.* mr,
/usr/lib/locale/** r,
/usr/lib/x86_64-linux-gnu/gconv/gconv-modules mr,
/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache mr,
/usr/lib/x86_64-linux-gnu/libdbus-glib-1.so.* mr,
/usr/lib/x86_64-linux-gnu/libffi.so.* mr,
/usr/lib/x86_64-linux-gnu/libgconf-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libgio-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libgmodule-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libgobject-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libgthread-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libxml*.so.* mr,
/usr/local/share/applications/google-chrome.desktop r,

}
}

Thanks guys for any help on this.

**Hungry Man** · October 1st, 2012

Hey, about my Chrome profile it look slike there's a character there that shouldn't be or isn't recognized (both in this case). Try deleting and rewriting just the first few lines by hand. When copy/pasting from my blog the characters must have gotten screwed up. It's a wordpress issue and I can't really solve it unfortunately.

What I would suggest is that you set the profiles to complain mode, use the poker site for a minute, and then use 'aa-logprof' (in the terminal, no quotes) to see what they need access to. You can then just allow what's necessary.

**WhiteHatGuy** · October 2nd, 2012

Originally Posted by Hungry Man

Hey, about my Chrome profile it look slike there's a character there that shouldn't be or isn't recognized (both in this case). Try deleting and rewriting just the first few lines by hand. When copy/pasting from my blog the characters must have gotten screwed up. It's a wordpress issue and I can't really solve it unfortunately.

What I would suggest is that you set the profiles to complain mode, use the poker site for a minute, and then use 'aa-logprof' (in the terminal, no quotes) to see what they need access to. You can then just allow what's necessary.

Ok, I try yesterday but I was not able to figure out this one.

Ok I put the profile in complain mode,then I enter the poker room for a minute, then I put aa-logprof in the terminal, I get somemthing like, reading logs, and profiles in /etc/apparmor.d/ has been updated.

So far so good.

But then I have absolutely no idea what to do. Whats the next step. I mean the profile has been modified automatically and I should use it now?
Or do I have to go to the logs folder to see what rulez has been denied. And then make the right changes in the apparmor profile.

I am kinda lost on this one.

**Hungry Man** · October 3rd, 2012

If you can enforce the profile and it works then all is well and you can just leave it like that.

**WhiteHatGuy** · October 3rd, 2012

Originally Posted by Hungry Man

If you can enforce the profile and it works then all is well and you can just leave it like that.

OOOOhhhhhh ok now I get it.

Regarding your profile look the error I get when I use aa-logprof in the terminal:

Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.

/etc/apparmor.d/GoogleChromeHungry contains syntax errors. Line [owner “/home/*/.config/google-chrome/Certificate Revocation Lists” rw,]

Aparently there is something wrong with line 58, It must be my computer or something I did, damn it. I am going to write it by hand and see what happends.

Thanks

**Hungry Man** · October 3rd, 2012

Delete the quotes and rewrite them in manually. It's a wordpress issue.

You can just do a find and replace. Copy the quotes from the broken line and then put that in the 'find' box. In the replace just type an actual quote from the keyboard.

**WhiteHatGuy** · October 3rd, 2012

Originally Posted by Hungry Man

Delete the quotes and rewrite them in manually. It's a wordpress issue.

You can just do a find and replace. Copy the quotes from the broken line and then put that in the 'find' box. In the replace just type an actual quote from the keyboard.

WoW, yep it was the quotes, I was able to fix it. Thanks.

But unfourntanly. When I enforce the profile. I cant start Google Chrome. If I click the shortcut on my desktop of google chrome, does not open and nothing happends.

The same thing happen if I use Chronomatic KodiacZiller profile for google chrome.

**Hungry Man** · October 3rd, 2012

Now that you've managed to get it enforced and we've fixed that quotation issue perhaps aa-logprof will give new results?

Could you also post the output of aa-status? Might help me - thanks.

**rookcifer** · October 3rd, 2012

Originally Posted by WhiteHatGuy

The same thing happen if I use Chronomatic KodiacZiller profile for google chrome.

Calm down. Hungry and I will walk you through this.

I have written a complete guide on AA profiles for Google Chrome. It's on my blog. It will include the following profiles:

usr.lib.totem.totem-plugin
browser-openjdk

As well as profiles for every part of Chrome:
google-chrome (the shell script)
nacl_bootstrap_helper
chrome-sandbox
chrome (the main binary)

If you install these as directed on my blog, you should be able to use Chrome without issue.

**WhiteHatGuy** · October 3rd, 2012

Originally Posted by Hungry Man

Now that you've managed to get it enforced and we've fixed that quotation issue perhaps aa-logprof will give new results?

Could you also post the output of aa-status? Might help me - thanks.

My output is:

apparmor module is loaded.
25 profiles are loaded.
25 profiles are in enforce mode.
/opt/google/chrome/chrome
/opt/google/chrome/chrome///bin/mkdir
/opt/google/chrome/chrome///bin/readlink
/opt/google/chrome/chrome///bin/which
/opt/google/chrome/chrome///usr/bin/dirname
/opt/google/chrome/chrome///usr/bin/lsb_release
/opt/google/chrome/chrome///usr/bin/xdg-open
/opt/google/chrome/chrome///usr/bin/xdg-settings
/sbin/dhclient
/usr/bin/evince
/usr/bin/evince-previewer
/usr/bin/evince-previewer//launchpad_integration
/usr/bin/evince-previewer//sanitized_helper
/usr/bin/evince-thumbnailer
/usr/bin/evince-thumbnailer//sanitized_helper
/usr/bin/evince//launchpad_integration
/usr/bin/evince//sanitized_helper
/usr/bin/freshclam
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/connman/scripts/dhclient-script
/usr/lib/cups/backend/cups-pdf
/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper
/usr/sbin/cupsd
/usr/sbin/ntpd
/usr/sbin/tcpdump
0 profiles are in complain mode.
3 processes have profiles defined.
3 processes are in enforce mode.
/sbin/dhclient (822)
/usr/bin/freshclam (1396)
/usr/sbin/cupsd (548)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

OMG WOW DUDE, this is getting real geek LOL. I never did stuff like this on windows.

I put your profile on complain mode, then I open Google Chrome and I went to the poker room and login, after a minute, I close google chrome. Then I put aa-logprof. And now it gives me the option to allow or denied rules. The ones that got my atention are java ones. I put allow to all of them cause I dont know wich ones are a threath or a danger. Plus I need to see if I am able ti fix the thing about google chrome not open when I put profile in enforce mode.

Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Complain-mode changes:

Profile: /opt/google/chrome/chrome
Path: /etc/timezone
Mode: r
Severity: unknown

[1 - /etc/timezone]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts

Profile: /opt/google/chrome/chrome
Path: /home/alex/.java/deployment/CacheUpgrade.properties
Mode: r
Severity: 4

1 - /home/alex/.java/deployment/CacheUpgrade.properties
[2 - /home/*/.java/deployment/CacheUpgrade.properties]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /home/*/.java/deployment/CacheUpgrade.properties r to profile.

Profile: /opt/google/chrome/chrome
Path: /home/alex/.java/deployment/cache/6.0/38/
Mode: r
Severity: 4

1 - /home/alex/.java/deployment/cache/6.0/38/
[2 - /home/*/.java/deployment/cache/6.0/38/]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /home/*/.java/deployment/cache/6.0/38/ r to profile.

Profile: /opt/google/chrome/chrome
Path: /home/alex/.java/deployment/cache/6.0/38/651cc4a6-5553a7e5
Mode: r
Severity: 4

1 - /home/alex/.java/deployment/cache/6.0/38/651cc4a6-5553a7e5
[2 - /home/*/.java/deployment/cache/6.0/38/651cc4a6-5553a7e5]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /home/*/.java/deployment/cache/6.0/38/651cc4a6-5553a7e5 r to profile.

Profile: /opt/google/chrome/chrome
Path: /home/alex/.java/deployment/cache/6.0/38/651cc4a6-5553a7e5.idx
Mode: rk
Severity: 4

1 - /home/alex/.java/deployment/cache/6.0/38/651cc4a6-5553a7e5.idx
[2 - /home/*/.java/deployment/cache/6.0/38/651cc4a6-5553a7e5.idx]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /home/*/.java/deployment/cache/6.0/38/651cc4a6-5553a7e5.idx rk to profile.

Profile: /opt/google/chrome/chrome
Path: /home/alex/.java/deployment/cache/6.0/48/
Mode: r
Severity: 4

1 - /home/alex/.java/deployment/cache/6.0/48/
[2 - /home/*/.java/deployment/cache/6.0/48/]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /home/*/.java/deployment/cache/6.0/48/ r to profile.

Profile: /opt/google/chrome/chrome
Path: /home/alex/.java/deployment/cache/6.0/5/
Mode: r
Severity: 4

1 - /home/alex/.java/deployment/cache/6.0/5/
[2 - /home/*/.java/deployment/cache/6.0/5/]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /home/*/.java/deployment/cache/6.0/5/ r to profile.

Profile: /opt/google/chrome/chrome
Path: /home/alex/.java/deployment/cache/6.0/57/
Mode: r
Severity: 4

1 - /home/alex/.java/deployment/cache/6.0/57/
[2 - /home/*/.java/deployment/cache/6.0/57/]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /home/*/.java/deployment/cache/6.0/57/ r to profile.

Profile: /opt/google/chrome/chrome
Path: /home/alex/.java/deployment/cache/6.0/57/581f60b9-7ee22016
Mode: r
Severity: 4

1 - /home/alex/.java/deployment/cache/6.0/57/581f60b9-7ee22016
[2 - /home/*/.java/deployment/cache/6.0/57/581f60b9-7ee22016]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /home/*/.java/deployment/cache/6.0/57/581f60b9-7ee22016 r to profile.

Profile: /opt/google/chrome/chrome
Path: /home/alex/.java/deployment/cache/6.0/57/581f60b9-7ee22016.idx
Mode: rk
Severity: 4

1 - /home/alex/.java/deployment/cache/6.0/57/581f60b9-7ee22016.idx
[2 - /home/*/.java/deployment/cache/6.0/57/581f60b9-7ee22016.idx]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /home/*/.java/deployment/cache/6.0/57/581f60b9-7ee22016.idx rk to profile.

Profile: /opt/google/chrome/chrome
Path: /home/alex/.java/fonts/1.7.0_07/fcinfo-1-alex-desktop-Ubuntu-12.04-en.properties
Mode: r
Severity: 4

1 - /home/alex/.java/fonts/1.7.0_07/fcinfo-1-alex-desktop-Ubuntu-12.04-en.properties
2 - /home/*/.java/fonts/1.7.0_07/fcinfo-1-alex-desktop-Ubuntu-12.04-en.properties
[3 - /home/alex/.java/fonts/**]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /home/alex/.java/fonts/** r to profile.

Profile: /opt/google/chrome/chrome
Path: /lib/i386-linux-gnu/libc-2.15.so
Mode: mr
Severity: unknown

1 - #include <abstractions/base>
2 - #include <abstractions/evince>
3 - #include <abstractions/gnome>
4 - #include <abstractions/kde>
5 - #include <abstractions/ubuntu-browsers.d/firefox>
6 - #include <abstractions/ubuntu-browsers.d/kde>
7 - #include <abstractions/ubuntu-browsers.d/mailto>
8 - #include <abstractions/ubuntu-gnome-terminal>
9 - #include <abstractions/ubuntu-konsole>
10 - /lib/i386-linux-gnu/libc-2.15.so
[11 - /lib/i386-linux-gnu/libc-*.so]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /lib/i386-linux-gnu/libc-*.so mr to profile.

Profile: /opt/google/chrome/chrome
Path: /lib/i386-linux-gnu/libgcc_s.so.1
Mode: mr
Severity: unknown

1 - #include <abstractions/base>
2 - #include <abstractions/evince>
3 - #include <abstractions/gnome>
4 - #include <abstractions/kde>
5 - #include <abstractions/ubuntu-browsers.d/firefox>
6 - #include <abstractions/ubuntu-browsers.d/kde>
7 - #include <abstractions/ubuntu-browsers.d/mailto>
8 - #include <abstractions/ubuntu-gnome-terminal>
9 - #include <abstractions/ubuntu-konsole>
10 - /lib/i386-linux-gnu/libgcc_s.so.1
[11 - /lib/i386-linux-gnu/libgcc_s.so.*]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /lib/i386-linux-gnu/libgcc_s.so.* mr to profile.

Profile: /opt/google/chrome/chrome
Path: /lib/i386-linux-gnu/libpthread-2.15.so
Mode: mr
Severity: unknown

1 - #include <abstractions/base>
2 - #include <abstractions/evince>
3 - #include <abstractions/gnome>
4 - #include <abstractions/kde>
5 - #include <abstractions/ubuntu-browsers.d/firefox>
6 - #include <abstractions/ubuntu-browsers.d/kde>
7 - #include <abstractions/ubuntu-browsers.d/mailto>
8 - #include <abstractions/ubuntu-gnome-terminal>
9 - #include <abstractions/ubuntu-konsole>
10 - /lib/i386-linux-gnu/libpthread-2.15.so
[11 - /lib/i386-linux-gnu/libpthread-*.so]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /lib/i386-linux-gnu/libpthread-*.so mr to profile.

Profile: /opt/google/chrome/chrome
Path: /lib/i386-linux-gnu/librt-2.15.so
Mode: mr
Severity: unknown

1 - #include <abstractions/base>
2 - #include <abstractions/evince>
3 - #include <abstractions/gnome>
4 - #include <abstractions/kde>
5 - #include <abstractions/ubuntu-browsers.d/firefox>
6 - #include <abstractions/ubuntu-browsers.d/kde>
7 - #include <abstractions/ubuntu-browsers.d/mailto>
8 - #include <abstractions/ubuntu-gnome-terminal>
9 - #include <abstractions/ubuntu-konsole>
10 - /lib/i386-linux-gnu/librt-2.15.so
[11 - /lib/i386-linux-gnu/librt-*.so]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /lib/i386-linux-gnu/librt-*.so mr to profile.

Profile: /opt/google/chrome/chrome
Path: /usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so
Mode: mr
Severity: unknown

1 - #include <abstractions/base>
2 - #include <abstractions/evince>
3 - #include <abstractions/gnome>
4 - #include <abstractions/kde>
5 - #include <abstractions/ubuntu-browsers.d/firefox>
6 - #include <abstractions/ubuntu-browsers.d/kde>
7 - #include <abstractions/ubuntu-browsers.d/mailto>
8 - #include <abstractions/ubuntu-browsers.d/plugins-common>
9 - #include <abstractions/ubuntu-gnome-terminal>
10 - #include <abstractions/ubuntu-konsole>
[11 - /usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so mr to profile.

Profile: /opt/google/chrome/chrome
Path: /usr/lib/i386-linux-gnu/gio/modules/
Mode: r
Severity: unknown

1 - #include <abstractions/base>
2 - #include <abstractions/evince>
3 - #include <abstractions/gnome>
4 - #include <abstractions/kde>
5 - #include <abstractions/ubuntu-browsers.d/firefox>
6 - #include <abstractions/ubuntu-browsers.d/kde>
7 - #include <abstractions/ubuntu-browsers.d/mailto>
8 - #include <abstractions/ubuntu-browsers.d/plugins-common>
9 - #include <abstractions/ubuntu-gnome-terminal>
10 - #include <abstractions/ubuntu-konsole>
[11 - /usr/lib/i386-linux-gnu/gio/modules/]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /usr/lib/i386-linux-gnu/gio/modules/ r to profile.

Profile: /opt/google/chrome/chrome
Path: /usr/lib/i386-linux-gnu/gio/modules/giomodule.cache
Mode: r
Severity: unknown

1 - #include <abstractions/base>
2 - #include <abstractions/evince>
3 - #include <abstractions/gnome>
4 - #include <abstractions/kde>
5 - #include <abstractions/ubuntu-browsers.d/firefox>
6 - #include <abstractions/ubuntu-browsers.d/kde>
7 - #include <abstractions/ubuntu-browsers.d/mailto>
8 - #include <abstractions/ubuntu-browsers.d/plugins-common>
9 - #include <abstractions/ubuntu-gnome-terminal>
10 - #include <abstractions/ubuntu-konsole>
[11 - /usr/lib/i386-linux-gnu/gio/modules/giomodule.cache]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /usr/lib/i386-linux-gnu/gio/modules/giomodule.cache r to profile.

Profile: /opt/google/chrome/chrome
Path: /usr/lib/i386-linux-gnu/gio/modules/libgvfsdbus.so
Mode: mr
Severity: unknown

1 - #include <abstractions/base>
2 - #include <abstractions/evince>
3 - #include <abstractions/gnome>
4 - #include <abstractions/kde>
5 - #include <abstractions/ubuntu-browsers.d/firefox>
6 - #include <abstractions/ubuntu-browsers.d/kde>
7 - #include <abstractions/ubuntu-browsers.d/mailto>
8 - #include <abstractions/ubuntu-browsers.d/plugins-common>
9 - #include <abstractions/ubuntu-gnome-terminal>
10 - #include <abstractions/ubuntu-konsole>
[11 - /usr/lib/i386-linux-gnu/gio/modules/libgvfsdbus.so]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /usr/lib/i386-linux-gnu/gio/modules/libgvfsdbus.so mr to profile.

Profile: /opt/google/chrome/chrome
Path: /usr/lib/i386-linux-gnu/gvfs/libgvfscommon.so
Mode: mr
Severity: unknown

1 - #include <abstractions/base>
2 - #include <abstractions/evince>
3 - #include <abstractions/gnome>
4 - #include <abstractions/kde>
5 - #include <abstractions/ubuntu-browsers.d/firefox>
6 - #include <abstractions/ubuntu-browsers.d/kde>
7 - #include <abstractions/ubuntu-browsers.d/mailto>
8 - #include <abstractions/ubuntu-browsers.d/plugins-common>
9 - #include <abstractions/ubuntu-gnome-terminal>
10 - #include <abstractions/ubuntu-konsole>
[11 - /usr/lib/i386-linux-gnu/gvfs/libgvfscommon.so]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /usr/lib/i386-linux-gnu/gvfs/libgvfscommon.so mr to profile.

Profile: /opt/google/chrome/chrome
Path: /usr/lib/i386-linux-gnu/libX11.so.6.3.0
Mode: mr
Severity: unknown

1 - #include <abstractions/base>
2 - #include <abstractions/evince>
3 - #include <abstractions/gnome>
4 - #include <abstractions/kde>
5 - #include <abstractions/ubuntu-browsers.d/firefox>
6 - #include <abstractions/ubuntu-browsers.d/kde>
7 - #include <abstractions/ubuntu-browsers.d/mailto>
8 - #include <abstractions/ubuntu-browsers.d/plugins-common>
9 - #include <abstractions/ubuntu-gnome-terminal>
10 - #include <abstractions/ubuntu-konsole>
11 - /usr/lib/i386-linux-gnu/libX11.so.6.3.0
[12 - /usr/lib/i386-linux-gnu/libX11.so.*]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /usr/lib/i386-linux-gnu/libX11.so.* mr to profile.

Profile: /opt/google/chrome/chrome
Path: /usr/lib/i386-linux-gnu/libXcursor.so.1.0.2
Mode: mr
Severity: unknown

1 - #include <abstractions/base>
2 - #include <abstractions/evince>
3 - #include <abstractions/gnome>
4 - #include <abstractions/kde>
5 - #include <abstractions/ubuntu-browsers.d/firefox>
6 - #include <abstractions/ubuntu-browsers.d/kde>
7 - #include <abstractions/ubuntu-browsers.d/mailto>
8 - #include <abstractions/ubuntu-browsers.d/plugins-common>
9 - #include <abstractions/ubuntu-gnome-terminal>
10 - #include <abstractions/ubuntu-konsole>
11 - /usr/lib/i386-linux-gnu/libXcursor.so.1.0.2
[12 - /usr/lib/i386-linux-gnu/libXcursor.so.*]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /usr/lib/i386-linux-gnu/libXcursor.so.* mr to profile.

Profile: /opt/google/chrome/chrome
Path: /usr/lib/i386-linux-gnu/libXext.so.6.4.0
Mode: mr
Severity: unknown

1 - #include <abstractions/base>
2 - #include <abstractions/evince>
3 - #include <abstractions/gnome>
4 - #include <abstractions/kde>
5 - #include <abstractions/ubuntu-browsers.d/firefox>
6 - #include <abstractions/ubuntu-browsers.d/kde>
7 - #include <abstractions/ubuntu-browsers.d/mailto>
8 - #include <abstractions/ubuntu-browsers.d/plugins-common>
9 - #include <abstractions/ubuntu-gnome-terminal>
10 - #include <abstractions/ubuntu-konsole>
11 - /usr/lib/i386-linux-gnu/libXext.so.6.4.0
[12 - /usr/lib/i386-linux-gnu/libXext.so.*]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /usr/lib/i386-linux-gnu/libXext.so.* mr to profile.

Profile: /opt/google/chrome/chrome
Path: /usr/lib/i386-linux-gnu/libXfixes.so.3.1.0
Mode: mr
Severity: unknown

1 - #include <abstractions/base>
2 - #include <abstractions/evince>
3 - #include <abstractions/gnome>
4 - #include <abstractions/kde>
5 - #include <abstractions/ubuntu-browsers.d/firefox>
6 - #include <abstractions/ubuntu-browsers.d/kde>
7 - #include <abstractions/ubuntu-browsers.d/mailto>
8 - #include <abstractions/ubuntu-browsers.d/plugins-common>
9 - #include <abstractions/ubuntu-gnome-terminal>
10 - #include <abstractions/ubuntu-konsole>
11 - /usr/lib/i386-linux-gnu/libXfixes.so.3.1.0
[12 - /usr/lib/i386-linux-gnu/libXfixes.so.*]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /usr/lib/i386-linux-gnu/libXfixes.so.* mr to profile.

Profile: /opt/google/chrome/chrome
Path: /usr/lib/i386-linux-gnu/libXrender.so.1.3.0
Mode: mr
Severity: unknown

1 - #include <abstractions/base>
2 - #include <abstractions/evince>
3 - #include <abstractions/gnome>
4 - #include <abstractions/kde>
5 - #include <abstractions/ubuntu-browsers.d/firefox>
6 - #include <abstractions/ubuntu-browsers.d/kde>
7 - #include <abstractions/ubuntu-browsers.d/mailto>
8 - #include <abstractions/ubuntu-browsers.d/plugins-common>
9 - #include <abstractions/ubuntu-gnome-terminal>
10 - #include <abstractions/ubuntu-konsole>
11 - /usr/lib/i386-linux-gnu/libXrender.so.1.3.0
[12 - /usr/lib/i386-linux-gnu/libXrender.so.*]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /usr/lib/i386-linux-gnu/libXrender.so.* mr to profile.

Profile: /opt/google/chrome/chrome
Path: /usr/lib/i386-linux-gnu/libXss.so.1.0.0
Mode: mr
Severity: unknown

1 - #include <abstractions/base>
2 - #include <abstractions/evince>
3 - #include <abstractions/gnome>
4 - #include <abstractions/kde>
5 - #include <abstractions/ubuntu-browsers.d/firefox>
6 - #include <abstractions/ubuntu-browsers.d/kde>
7 - #include <abstractions/ubuntu-browsers.d/mailto>
8 - #include <abstractions/ubuntu-browsers.d/plugins-common>
9 - #include <abstractions/ubuntu-gnome-terminal>
10 - #include <abstractions/ubuntu-konsole>
11 - /usr/lib/i386-linux-gnu/libXss.so.1.0.0
[12 - /usr/lib/i386-linux-gnu/libXss.so.*]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /usr/lib/i386-linux-gnu/libXss.so.* mr to profile.

Profile: /opt/google/chrome/chrome
Path: /usr/lib/i386-linux-gnu/libcroco-0.6.so.3.0.1
Mode: mr
Severity: unknown

1 - #include <abstractions/base>
2 - #include <abstractions/evince>
3 - #include <abstractions/gnome>
4 - #include <abstractions/kde>
5 - #include <abstractions/ubuntu-browsers.d/firefox>
6 - #include <abstractions/ubuntu-browsers.d/kde>
7 - #include <abstractions/ubuntu-browsers.d/mailto>
8 - #include <abstractions/ubuntu-browsers.d/plugins-common>
9 - #include <abstractions/ubuntu-gnome-terminal>
10 - #include <abstractions/ubuntu-konsole>
11 - /usr/lib/i386-linux-gnu/libcroco-0.6.so.3.0.1
[12 - /usr/lib/i386-linux-gnu/libcroco-0.6.so.*]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /usr/lib/i386-linux-gnu/libcroco-0.6.so.* mr to profile.

Profile: /opt/google/chrome/chrome
Path: /usr/lib/i386-linux-gnu/librsvg-2.so.2.36.1
Mode: mr
Severity: unknown

1 - #include <abstractions/base>
2 - #include <abstractions/evince>
3 - #include <abstractions/gnome>
4 - #include <abstractions/kde>
5 - #include <abstractions/ubuntu-browsers.d/firefox>
6 - #include <abstractions/ubuntu-browsers.d/kde>
7 - #include <abstractions/ubuntu-browsers.d/mailto>
8 - #include <abstractions/ubuntu-browsers.d/plugins-common>
9 - #include <abstractions/ubuntu-gnome-terminal>
10 - #include <abstractions/ubuntu-konsole>
11 - /usr/lib/i386-linux-gnu/librsvg-2.so.2.36.1
[12 - /usr/lib/i386-linux-gnu/librsvg-2.so.*]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /usr/lib/i386-linux-gnu/librsvg-2.so.* mr to profile.

Profile: /opt/google/chrome/chrome
Path: /usr/lib/i386-linux-gnu/libxml2.so.2.7.8
Mode: mr
Severity: unknown

1 - #include <abstractions/base>
2 - #include <abstractions/evince>
3 - #include <abstractions/gnome>
4 - #include <abstractions/kde>
5 - #include <abstractions/ubuntu-browsers.d/firefox>
6 - #include <abstractions/ubuntu-browsers.d/kde>
7 - #include <abstractions/ubuntu-browsers.d/mailto>
8 - #include <abstractions/ubuntu-browsers.d/plugins-common>
9 - #include <abstractions/ubuntu-gnome-terminal>
10 - #include <abstractions/ubuntu-konsole>
11 - /usr/lib/i386-linux-gnu/libxml2.so.2.7.8
[12 - /usr/lib/i386-linux-gnu/libxml2.so.*]

[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /usr/lib/i386-linux-gnu/libxml2.so.* mr to profile.

Profile: /opt/google/chrome/chrome
Network Family: inet
Socket Type: dgram

[1 - #include <abstractions/nameservice>]
2 - network inet dgram

[(A)llow] / (D)eny / Audi(t) / Abo(r)t / (F)inish
Use of uninitialized value in numeric eq (==) at /usr/share/perl5/Immunix/AppArmor.pm line 4092.
Use of uninitialized value in numeric eq (==) at /usr/share/perl5/Immunix/AppArmor.pm line 4102.
Use of uninitialized value in numeric eq (==) at /usr/share/perl5/Immunix/AppArmor.pm line 4092.
Use of uninitialized value in numeric eq (==) at /usr/share/perl5/Immunix/AppArmor.pm line 4102.
Adding #include <abstractions/nameservice> to profile.
Deleted 14 previous matching profile entries.

= Changed Local Profiles =

The following local profiles were changed. Would you like to save them?

[1 - /opt/google/chrome/chrome]

(S)ave Changes / [(V)iew Changes] / Abo(r)t
Writing updated profile for /opt/google/chrome/chrome.

Can't write new AppArmor profile /etc/apparmor.d/GoogleChromeHungry: Permission denied

Thread: AppArmor Java Google Chrome FireFox profile question

Thread Tools

Display

AppArmor Java Google Chrome FireFox profile question

Re: AppArmor Java Google Chrome FireFox profile question

Re: AppArmor Java Google Chrome FireFox profile question

Re: AppArmor Java Google Chrome FireFox profile question

Re: AppArmor Java Google Chrome FireFox profile question

Re: AppArmor Java Google Chrome FireFox profile question

Re: AppArmor Java Google Chrome FireFox profile question

Re: AppArmor Java Google Chrome FireFox profile question

Re: AppArmor Java Google Chrome FireFox profile question

Re: AppArmor Java Google Chrome FireFox profile question

Bookmarks

Bookmarks

Posting Permissions