[pkg-apparmor] Bug#884014: apparmor: AppArmor does not allow Thunderbird to open Hyperlinks with Chromium
intrigeri
intrigeri at debian.org
Mon Dec 11 06:36:28 UTC 2017
Control: tag -1 + upstream
Control: tag -1 + fixed-upstream
Hi Martin!
Martin:
> if Chromium is configured as the default web browser, then clicking a hyperlink
> in Thunderbird has no effect. The following error message is printed:
> Failed to execute child process “/usr/bin/chromium” (Permission denied).
Thanks for reporting.
> After having a look at /etc/apparmor.d/abstractions/ubuntu-browsers, I noticed
> that the only lines referring to chromium are the following:
> /usr/bin/chromium-browser Cx -> sanitized_helper,
> /usr/lib/chromium-browser/chromium-browser Cx -> sanitized_helper,
> These paths appear to be incorrect. On Debian testing at least, they should
> read as follows:
> /usr/bin/chromium Cx -> sanitized_helper,
> /usr/lib/chromium/chromium Cx -> sanitized_helper,
Right, we've fixed this upstream a few months ago:
https://gitlab.com/apparmor/apparmor/commit/cc5a23d4c1236a0221f7bae0fd3d59f583ec9a1d
> However, while this does allow Thunderbird to execute /usr/bin/chromium, it
> still doesn't fix the problem. Clicking on a hyperlink now prints the following
> stack trace to the console:
> /usr/lib/chromium/chrome-sandbox: error while loading shared libraries:
I believe an update of abstractions/ubuntu-helpers is needed to fix
that, see the second part of the commit I've linked to above.
Can you please confirm?
So this should be fixed in Debian once we package AppArmor 2.11.95
(aka. 2.12~beta1), unless someone wants to cherry-pick this commit as
a Debian patch for now.
Cheers,
--
intrigeri
More information about the pkg-apparmor-team
mailing list