[pkg-apparmor] Bug#742829: Bug#742829: closed by intrigeri <intrigeri at debian.org> (Bug#742829: fixed in apparmor 2.10.95-8)
Seth Arnold
seth.arnold at canonical.com
Thu Oct 5 01:39:47 UTC 2017
Thanks for tackling this Daniel,
On Fri, Sep 29, 2017 at 04:09:02PM -0400, Daniel Richard G. wrote:
> alias /etc/chromium-browser/ -> /etc/chromium/,
> alias /usr/bin/chromium-browser -> /usr/bin/chromium,
> alias /usr/lib/chromium-browser/chromium-browser-sandbox -> /usr/lib/chromium/chrome-sandbox,
> alias /usr/lib/chromium-browser/chromium-browser -> /usr/lib/chromium/chromium,
> alias /usr/lib/chromium-browser/ -> /usr/lib/chromium/,
Be aware that use of alias rules can drastically affect compilation times
and generated policy sizes. Maybe these should be variables that could be
set as they are changed?
> # We need 'flags=(attach_disconnected)' in newer chromium versions
> /usr/lib/chromium-browser/chromium-browser flags=(attach_disconnected) {
Please consider using a shorter, friendlier, profile name:
profile chromium-browser /usr/lib/chromium-browser/chromium-browser flags=(attach_disconnected) {
> capability sys_admin,
> capability sys_chroot,
> capability sys_ptrace,
I like sticking capabilities high in the profile, just after the #include
statements, so that they're more easily visible.
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-apparmor-team/attachments/20171004/49c194bd/attachment.sig>
More information about the pkg-apparmor-team
mailing list