Comment 6 for bug 1260048

apparmor-easyprof-ubuntu (1.1.11) trusty; urgency=medium

  * 1.0/ubuntu-*: explicitly deny access to oxide files so webbrowser-app's
    fallback mechanism to QtWebKit works correctly. This is needed so 13.10
    framework webapps don't regress
  * 1.1/webview: prevent certificate db poisoning and disallow write access to
    @{HOME}/.pki/nssdb/*. Note, while this prevents cert attacks, it doesn't
    prevent information disclosure so once LP: 1260048 is fixed in oxide, we
    can remove the read access.

Leaving the apparmor-easyprof-ubuntu task open since whenever oxide is updated we'll want to remove the workaround policy.