Public bug reported: When using the apparmor profile for Chromium I get the following logs:
Mar 11 21:08:30 simon-laptop kernel: [63629.304008] type=1400 audit(1363050510.703:147): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq" pid=28320 comm="chromium-browse" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Mar 11 21:08:30 simon-laptop kernel: [63629.329904] type=1400 audit(1363050510.727:148): apparmor="ALLOWED" operation="open" parent=28324 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq" pid=28325 comm="chromium-browse" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Mar 11 21:08:31 simon-laptop kernel: [63629.823702] type=1400 audit(1363050511.223:149): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/virtual/block/dm-10/uevent" pid=28342 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Mar 11 21:08:31 simon-laptop kernel: [63629.823879] type=1400 audit(1363050511.223:150): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/virtual/block/dm-10/removable" pid=28342 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Mar 11 21:08:31 simon-laptop kernel: [63629.823906] type=1400 audit(1363050511.223:151): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/virtual/block/dm-10/size" pid=28342 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Mar 11 21:08:31 simon-laptop kernel: [63629.824069] type=1400 audit(1363050511.223:152): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/virtual/block/dm-1/uevent" pid=28342 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Mar 11 21:08:31 simon-laptop kernel: [63629.824291] type=1400 audit(1363050511.223:153): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/virtual/block/dm-1/removable" pid=28342 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Mar 11 21:08:31 simon-laptop kernel: [63629.824321] type=1400 audit(1363050511.223:154): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/virtual/block/dm-1/size" pid=28342 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Mar 11 21:08:31 simon-laptop kernel: [63629.824435] type=1400 audit(1363050511.223:155): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/virtual/block/dm-0/uevent" pid=28342 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Mar 11 21:08:31 simon-laptop kernel: [63629.824736] type=1400 audit(1363050511.223:156): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/virtual/block/dm-0/removable" pid=28342 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Mar 11 21:08:36 simon-laptop kernel: [63634.907161] audit_printk_skb: 51 callbacks suppressed Mar 11 21:08:36 simon-laptop kernel: [63634.907167] type=1400 audit(1363050516.319:174): apparmor="ALLOWED" operation="exec" parent=28401 profile="/usr/lib/chromium-browser/chromium-browser//xdgsettings" name="/usr/bin/gawk" pid=28405 comm="xdg-mime" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="/usr/lib/chromium-browser/chromium-browser//xdgsettings//null-60" The attached patch extends the allowed rules to avoid those messages. $ lsb_release -rd Description: Ubuntu 12.04.2 LTS Release: 12.04 $ apt-cache policy apparmor apparmor-profiles chromium-browser apparmor: Installed: 2.7.102-0ubuntu3.8 Candidate: 2.7.102-0ubuntu3.8 Version table: *** 2.7.102-0ubuntu3.8 0 500 http://archive.ubuntu.com/ubuntu/ precise-proposed/main amd64 Packages 100 /var/lib/dpkg/status 2.7.102-0ubuntu3.7 0 500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages 2.7.102-0ubuntu3 0 500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages apparmor-profiles: Installed: 2.7.102-0ubuntu3.8 Candidate: 2.7.102-0ubuntu3.8 Version table: *** 2.7.102-0ubuntu3.8 0 500 http://archive.ubuntu.com/ubuntu/ precise-proposed/main amd64 Packages 100 /var/lib/dpkg/status 2.7.102-0ubuntu3.7 0 500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages 2.7.102-0ubuntu3 0 500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages chromium-browser: Installed: 25.0.1364.160-0ubuntu0.12.04.1 Candidate: 25.0.1364.160-0ubuntu0.12.04.1 Version table: *** 25.0.1364.160-0ubuntu0.12.04.1 0 500 http://archive.ubuntu.com/ubuntu/ precise-updates/universe amd64 Packages 500 http://security.ubuntu.com/ubuntu/ precise-security/universe amd64 Packages 100 /var/lib/dpkg/status 18.0.1025.151~r130497-0ubuntu1 0 500 http://archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages ** Affects: apparmor (Ubuntu) Importance: Undecided Status: New ** Patch added: "usr.bin.chromium-browser.patch" https://bugs.launchpad.net/bugs/1154164/+attachment/3570399/+files/usr.bin.chromium-browser.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1154164 Title: Chromium needs more access To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1154164/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs