[pkg-apparmor] Bug#859345: Bug#859345: The usr.bin.chromium-browser AppArmor profile refers to the wrong binary
intrigeri
intrigeri at debian.org
Sun Apr 2 16:00:14 UTC 2017
Control: fixed -1 2.10.95-8
mioz2:
> The AppArmor profile in /etc/apparmor.d/usr.bin.chromium-browser refers to the binary
> at /usr/bin/chromium-browser, but the actual Chromium binary in Debian is just named
> "chromium" (/usr/bin/chromium). Therefore, the profile is useless and Chromium is
> never confined.
Thanks for your report.
> The content and the name of this profile should be changed in the package
> apparmor-profiles to match the path of the actual Chromium binary to be
> enforced correctly.
> I've seen this problem in Jessie but I don't know if it's also in Stretch or Sid.
We don't ship this profile in testing/sid anymore:
apparmor (2.10.95-8) unstable; urgency=medium
* Stop applying add-chromium-browser.patch: it's been broken for years
on Debian, and nobody ever bothered to upstream this profile in a way
that makes it work cross-distro (Closes: #742829).
Hopefully this is addressed upstream at some point, and then we can
ship this profile again :)
Cheers,
--
intrigeri
More information about the pkg-apparmor-team
mailing list