[pkg-apparmor] Bug#742829: closed by intrigeri <intrigeri at debian.org> (Bug#742829: fixed in apparmor 2.10.95-8)

[Guido Günther]

Hi Richard,
On Wed, Sep 27, 2017 at 03:49:48PM -0400, Daniel Richard G. wrote:
> Hi Guido!
> 
> On Wed, 2017 Sep 27 15:31+0200, Guido Günther wrote:
> > 
> > I stumbled across this today again since I was looking for a chromium
> > profile and still had one in /etc/apparmor.d/usr.bin.chromium-browser
> > so it seems the fix for 742829 didn't remove existing files:
> > 
> >    $ dpkg -S /etc/apparmor.d/usr.bin.chromium-browser 
> >    apparmor-profiles: /etc/apparmor.d/usr.bin.chromium-browse
> > 
> > So I ended up writing the same fixes in that were already suggested
> > here and I wonder why we can't just ship a profile if it's working
> > for people?
> 
> You'll get no argument from me :)  The main difficulty I've had is
> getting upstream (Ubuntu) to accept patches to fix the profile whenever
> Chromium's footprint gets bigger.

Great! I'm a big fan of doing things upstream but from my pov I'd
consider apparmor or chromium to be upstream not Ubuntu. What about
filing a bug against the Debian chromium package with an updated profile
as a start? We can then take it from there and file another one against
apparor once it proves working for more people.
Cheers,
 -- Guido

> 
> Case in point: No one's looked at this (old) merge request since it
> was posted, even though I was told to file a merge request to get
> my fixes in:
> 
>     https://code.launchpad.net/~skunk/apparmor-profiles/+git/apparmor-profiles/+merge/321802
> 
> I wouldn't mind officially maintaining the Chromium profile myself,
> given that I already do so for my own use and would like to see others
> benefit as well.
> 
> > That said I'd rather see this shipped with the chromium package so we
> > could reassign this (or open a separate report).
> 
> I'd like to see this happen too, if for no other reason than that the
> Chromium profile is currently maintained in a sort of no-man's land on
> the Ubuntu side.
>