Public bug reported:

When using the apparmor profile for Chromium I get the following logs:

Mar 11 21:08:30 simon-laptop kernel: [63629.304008] type=1400 
audit(1363050510.703:147): apparmor="ALLOWED" operation="open" parent=1 
profile="/usr/lib/chromium-browser/chromium-browser" 
name="/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq" pid=28320 
comm="chromium-browse" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:30 simon-laptop kernel: [63629.329904] type=1400 
audit(1363050510.727:148): apparmor="ALLOWED" operation="open" parent=28324 
profile="/usr/lib/chromium-browser/chromium-browser" 
name="/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq" pid=28325 
comm="chromium-browse" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:31 simon-laptop kernel: [63629.823702] type=1400 
audit(1363050511.223:149): apparmor="ALLOWED" operation="open" parent=1 
profile="/usr/lib/chromium-browser/chromium-browser" 
name="/sys/devices/virtual/block/dm-10/uevent" pid=28342 comm="Chrome_FileThre" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:31 simon-laptop kernel: [63629.823879] type=1400 
audit(1363050511.223:150): apparmor="ALLOWED" operation="open" parent=1 
profile="/usr/lib/chromium-browser/chromium-browser" 
name="/sys/devices/virtual/block/dm-10/removable" pid=28342 
comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:31 simon-laptop kernel: [63629.823906] type=1400 
audit(1363050511.223:151): apparmor="ALLOWED" operation="open" parent=1 
profile="/usr/lib/chromium-browser/chromium-browser" 
name="/sys/devices/virtual/block/dm-10/size" pid=28342 comm="Chrome_FileThre" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:31 simon-laptop kernel: [63629.824069] type=1400 
audit(1363050511.223:152): apparmor="ALLOWED" operation="open" parent=1 
profile="/usr/lib/chromium-browser/chromium-browser" 
name="/sys/devices/virtual/block/dm-1/uevent" pid=28342 comm="Chrome_FileThre" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:31 simon-laptop kernel: [63629.824291] type=1400 
audit(1363050511.223:153): apparmor="ALLOWED" operation="open" parent=1 
profile="/usr/lib/chromium-browser/chromium-browser" 
name="/sys/devices/virtual/block/dm-1/removable" pid=28342 
comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:31 simon-laptop kernel: [63629.824321] type=1400 
audit(1363050511.223:154): apparmor="ALLOWED" operation="open" parent=1 
profile="/usr/lib/chromium-browser/chromium-browser" 
name="/sys/devices/virtual/block/dm-1/size" pid=28342 comm="Chrome_FileThre" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:31 simon-laptop kernel: [63629.824435] type=1400 
audit(1363050511.223:155): apparmor="ALLOWED" operation="open" parent=1 
profile="/usr/lib/chromium-browser/chromium-browser" 
name="/sys/devices/virtual/block/dm-0/uevent" pid=28342 comm="Chrome_FileThre" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:31 simon-laptop kernel: [63629.824736] type=1400 
audit(1363050511.223:156): apparmor="ALLOWED" operation="open" parent=1 
profile="/usr/lib/chromium-browser/chromium-browser" 
name="/sys/devices/virtual/block/dm-0/removable" pid=28342 
comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:36 simon-laptop kernel: [63634.907161] audit_printk_skb: 51 
callbacks suppressed
Mar 11 21:08:36 simon-laptop kernel: [63634.907167] type=1400 
audit(1363050516.319:174): apparmor="ALLOWED" operation="exec" parent=28401 
profile="/usr/lib/chromium-browser/chromium-browser//xdgsettings" 
name="/usr/bin/gawk" pid=28405 comm="xdg-mime" requested_mask="x" 
denied_mask="x" fsuid=1000 ouid=0 
target="/usr/lib/chromium-browser/chromium-browser//xdgsettings//null-60"

The attached patch extends the allowed rules to avoid those messages.

$ lsb_release -rd
Description:    Ubuntu 12.04.2 LTS
Release:        12.04

$ apt-cache policy apparmor apparmor-profiles chromium-browser
apparmor:
  Installed: 2.7.102-0ubuntu3.8
  Candidate: 2.7.102-0ubuntu3.8
  Version table:
 *** 2.7.102-0ubuntu3.8 0
        500 http://archive.ubuntu.com/ubuntu/ precise-proposed/main amd64 
Packages
        100 /var/lib/dpkg/status
     2.7.102-0ubuntu3.7 0
        500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64 
Packages
        500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 
Packages
     2.7.102-0ubuntu3 0
        500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
apparmor-profiles:
  Installed: 2.7.102-0ubuntu3.8
  Candidate: 2.7.102-0ubuntu3.8
  Version table:
 *** 2.7.102-0ubuntu3.8 0
        500 http://archive.ubuntu.com/ubuntu/ precise-proposed/main amd64 
Packages
        100 /var/lib/dpkg/status
     2.7.102-0ubuntu3.7 0
        500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64 
Packages
        500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 
Packages
     2.7.102-0ubuntu3 0
        500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
chromium-browser:
  Installed: 25.0.1364.160-0ubuntu0.12.04.1
  Candidate: 25.0.1364.160-0ubuntu0.12.04.1
  Version table:
 *** 25.0.1364.160-0ubuntu0.12.04.1 0
        500 http://archive.ubuntu.com/ubuntu/ precise-updates/universe amd64 
Packages
        500 http://security.ubuntu.com/ubuntu/ precise-security/universe amd64 
Packages
        100 /var/lib/dpkg/status
     18.0.1025.151~r130497-0ubuntu1 0
        500 http://archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

** Patch added: "usr.bin.chromium-browser.patch"
   
https://bugs.launchpad.net/bugs/1154164/+attachment/3570399/+files/usr.bin.chromium-browser.patch

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1154164

Title:
  Chromium needs more access

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1154164/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
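The triage step behind a report like this one, as an added example that is not part of the original bug report or its attached patch: it re-joins the mail-wrapped audit records, de-duplicates them, and lists candidate rule lines per profile for a human to review. The function names and the cpuN/dm-N globbing are assumptions made here, and the sample records are constructed by abridging the ones quoted in the report.

```python
import re

# Constructed sample: records abridged from the report, hard-wrapped like the mail.
SAMPLE = '''\
Mar 11 21:08:30 simon-laptop kernel: [63629.304008] type=1400 audit(1363050510.703:147):
apparmor="ALLOWED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser"
name="/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq" denied_mask="r"
Mar 11 21:08:31 simon-laptop kernel: [63629.823702] type=1400 audit(1363050511.223:149):
apparmor="ALLOWED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser"
name="/sys/devices/virtual/block/dm-10/uevent" denied_mask="r"
Mar 11 21:08:31 simon-laptop kernel: [63629.824069] type=1400 audit(1363050511.223:152):
apparmor="ALLOWED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser"
name="/sys/devices/virtual/block/dm-1/uevent" denied_mask="r"
Mar 11 21:08:36 simon-laptop kernel: [63634.907161] audit_printk_skb: 51 callbacks suppressed
Mar 11 21:08:36 simon-laptop kernel: [63634.907167] type=1400 audit(1363050516.319:174):
apparmor="ALLOWED" operation="exec" comm="xdg-mime" name="/usr/bin/gawk" denied_mask="x"
profile="/usr/lib/chromium-browser/chromium-browser//xdgsettings"
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
STAMP = re.compile(r'^\w{3} +\d+ [\d:]{8} ')  # a syslog timestamp starts a new record

def parse_records(text):
    """Re-join wrapped lines; return one field dict per AppArmor file/exec event."""
    joined = []
    for line in text.splitlines():
        if STAMP.match(line) or not joined:
            joined.append(line.strip())
        else:
            joined[-1] += " " + line.strip()
    parsed = [{k: q or b for k, q, b in FIELD.findall(r)} for r in joined]
    return [f for f in parsed if {"apparmor", "name", "denied_mask"} <= f.keys()]

def generalize(path):
    """Assumption of this example: numbered cpuN / dm-N components may be globbed."""
    return re.sub(r'(?<=/)(cpu|dm-)\d+(?=/)', r'\1[0-9]*', path)

def candidate_rules(text):
    """Map profile name -> sorted, de-duplicated rule lines awaiting review."""
    rules = {}
    for f in parse_records(text):
        if "x" in f["denied_mask"]:  # exec needs a transition mode; never guess it
            rule = f"# exec {f['name']}: pick ix/Px/Cx by hand"
        else:
            rule = f"{generalize(f['name'])} {f['denied_mask']},"
        rules.setdefault(f["profile"], set()).add(rule)
    return {p: sorted(r) for p, r in rules.items()}
```

On a live system, `aa-logprof` from apparmor-utils performs this review interactively against the real log.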
