touch-packages team mailing list archive

Thread
Date

[Bug 1419294] [NEW] Apparmor chromium profile denies loading policies

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Esokrates <Esokrarkose@xxxxxxxxx>
Date: Sat, 07 Feb 2015 16:40:49 -0000
Reply-to: Bug 1419294 <1419294@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Profiles in /etc/chromium-browser/policies/managed or /etc/chromium-
browser/policies/recommended are ignored when using the apparmor
profile.

Syslog excerpt:

Feb  7 17:10:11 ubuntu kernel: [23893.781721] audit: type=1400
audit(1423325411.004:109): apparmor="DENIED" operation="open"
profile="/usr/lib/chromium-browser/chromium-browser" name="/etc
/chromium-browser/policies/managed/policy.json" pid=16928
comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000
ouid=0

How to test:

Create a file policy.json in /etc/chromium-browser/policies/managed
containing:

{
  "RestoreOnStartup": 1
}

start the browser and type in "about:policy". Normally you should see
the policy being listed there, which is currently not the case because
apparmor denies the reading the policy file.

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

** Patch added: "patch.diff"
   https://bugs.launchpad.net/bugs/1419294/+attachment/4314343/+files/patch.diff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1419294

Title:
  Apparmor chromium profile denies loading policies

Status in apparmor package in Ubuntu:
  New

Bug description:
  Profiles in /etc/chromium-browser/policies/managed or /etc/chromium-
  browser/policies/recommended are ignored when using the apparmor
  profile.

  Syslog excerpt:

  Feb  7 17:10:11 ubuntu kernel: [23893.781721] audit: type=1400
  audit(1423325411.004:109): apparmor="DENIED" operation="open"
  profile="/usr/lib/chromium-browser/chromium-browser" name="/etc
  /chromium-browser/policies/managed/policy.json" pid=16928
  comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000
  ouid=0

  How to test:

  Create a file policy.json in /etc/chromium-browser/policies/managed
  containing:

  {
    "RestoreOnStartup": 1
  }

  start the browser and type in "about:policy". Normally you should see
  the policy being listed there, which is currently not the case because
  apparmor denies the reading the policy file.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1419294/+subscriptions

Follow ups

[Bug 1419294] Re: Apparmor chromium profile denies loading policies
From: Launchpad Bug Tracker, 2015-03-30
[Bug 1419294] Re: Apparmor chromium profile denies loading policies
From: Launchpad Bug Tracker, 2015-03-30
[Bug 1419294] Re: Apparmor chromium profile denies loading policies
From: Launchpad Bug Tracker, 2015-03-19
[Bug 1419294] Re: Apparmor chromium profile denies loading policies
From: Jamie Strandboge, 2015-03-18
[Bug 1419294] Re: Apparmor chromium profile denies loading policies
From: Jamie Strandboge, 2015-02-09
[Bug 1419294] Re: Apparmor chromium profile denies loading policies
From: Ubuntu Foundations Team Bug Bot, 2015-02-07
[Bug 1419294] [NEW] Apparmor chromium profile denies loading policies
From: Esokrates, 2015-02-07

References

[Bug 1419294] [NEW] Apparmor chromium profile denies loading policies
From: Esokrates, 2015-02-07