Ubuntu
apparmor package

Merge lp:~cmiller/ubuntu/trusty/apparmor/chromium-new-sandbox-name into lp:ubuntu/trusty/apparmor

  1. Trusty (14.04)
  2. chromium-new-sandbox-name
  3. Merge into trusty
Proposed by Chad Miller
Status: Approved
Approved by: Jamie Strandboge
Approved revision: 64
Proposed branch: lp:~cmiller/ubuntu/trusty/apparmor/chromium-new-sandbox-name
Merge into: lp:ubuntu/trusty/apparmor
Diff against target: 69 lines (+15/-4)
3 files modified
debian/changelog (+7/-0)
debian/patches/0001-add-chromium-browser.patch (+6/-4)
profiles/apparmor.d/usr.bin.chromium-browser (+2/-0)
To merge this branch: bzr merge lp:~cmiller/ubuntu/trusty/apparmor/chromium-new-sandbox-name
Reviewer Review Type Date Requested Status
Chad Miller (community) Disapprove
Jamie Strandboge Approve
Ubuntu branches Pending
Review via email: mp+193657@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This is pending a landing ask and will be part of 2.8.0-0ubuntu34. Thanks!

As an aside, it probably makes sense to move this to the chromium-browser packaging like we do with firefox. You can probably follow https://wiki.ubuntu.com/ApparmorProfileMigration if you are interested (along with mimicking firefox's packaging to disable it on install). Note, this would not be a change for SRUs, so it would make the packaging diverge.

review: Approve
Reply
Revision history for this message
Chad Miller (cmiller) wrote :

I'm moving the entire apparmor profile to the chromium packaging, so this will be superceded. If it's not already applied, please feel free ignoring it.

review: Disapprove
Reply
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

It's already in the archive and in this branch.

Reply

Unmerged revisions

64. By Chad Miller

debian/patches/0001-add-chromium-browser.patch: Follow new chromium-browser
sandbox name. Keep old name for now to allow transition. LP: #1247269

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'debian/changelog'
--- debian/changelog 2013-10-31 13:23:57 +0000
+++ debian/changelog 2013-11-01 20:28:20 +0000
@@ -1,3 +1,10 @@
1apparmor (2.8.0-0ubuntu34) UNRELEASED; urgency=low
2
3 * debian/patches/0001-add-chromium-browser.patch: Follow new chromium-browser
4 sandbox name. Keep old name for now to allow transition. LP: #1247269
5
6 -- Chad MILLER <chad.miller@canonical.com> Fri, 01 Nov 2013 16:18:54 -0400
7
1apparmor (2.8.0-0ubuntu33) trusty; urgency=low8apparmor (2.8.0-0ubuntu33) trusty; urgency=low
29
3 * Convert to dh.10 * Convert to dh.
411
=== modified file 'debian/patches/0001-add-chromium-browser.patch'
--- debian/patches/0001-add-chromium-browser.patch 2013-04-08 14:57:14 +0000
+++ debian/patches/0001-add-chromium-browser.patch 2013-11-01 20:28:20 +0000
@@ -2,11 +2,11 @@
2Description: chromium-browser profile2Description: chromium-browser profile
3Forwarded: yes3Forwarded: yes
44
5Index: apparmor-2.8.0/profiles/apparmor.d/usr.bin.chromium-browser5Index: apparmor/profiles/apparmor.d/usr.bin.chromium-browser
6===================================================================6===================================================================
7--- /dev/null 1970-01-01 00:00:00.000000000 +00007--- /dev/null
8+++ apparmor-2.8.0/profiles/apparmor.d/usr.bin.chromium-browser 2013-04-08 14:51:55.000000000 -05008+++ apparmor/profiles/apparmor.d/usr.bin.chromium-browser
9@@ -0,0 +1,219 @@9@@ -0,0 +1,221 @@
10+# Author: Jamie Strandboge <jamie@canonical.com>10+# Author: Jamie Strandboge <jamie@canonical.com>
11+#include <tunables/global>11+#include <tunables/global>
12+12+
@@ -130,6 +130,7 @@
130+ # Allow transitions to ourself and our sandbox130+ # Allow transitions to ourself and our sandbox
131+ /usr/lib/chromium-browser/chromium-browser ix,131+ /usr/lib/chromium-browser/chromium-browser ix,
132+ /usr/lib/chromium-browser/chromium-browser-sandbox cx -> chromium_browser_sandbox,132+ /usr/lib/chromium-browser/chromium-browser-sandbox cx -> chromium_browser_sandbox,
133+ /usr/lib/chromium-browser/chrome-sandbox cx -> chromium_browser_sandbox,
133+134+
134+ /bin/ps Uxr,135+ /bin/ps Uxr,
135+ /usr/lib/chromium-browser/xdg-settings Cxr -> xdgsettings,136+ /usr/lib/chromium-browser/xdg-settings Cxr -> xdgsettings,
@@ -220,6 +221,7 @@
220+ /usr/bin/chromium-browser r,221+ /usr/bin/chromium-browser r,
221+ /usr/lib/chromium-browser/chromium-browser Px,222+ /usr/lib/chromium-browser/chromium-browser Px,
222+ /usr/lib/chromium-browser/chromium-browser-sandbox r,223+ /usr/lib/chromium-browser/chromium-browser-sandbox r,
224+ /usr/lib/chromium-browser/chrome-sandbox r,
223+225+
224+ /dev/null rw,226+ /dev/null rw,
225+227+
226228
=== modified file 'profiles/apparmor.d/usr.bin.chromium-browser'
--- profiles/apparmor.d/usr.bin.chromium-browser 2013-04-08 14:57:14 +0000
+++ profiles/apparmor.d/usr.bin.chromium-browser 2013-11-01 20:28:20 +0000
@@ -121,6 +121,7 @@
121 # Allow transitions to ourself and our sandbox121 # Allow transitions to ourself and our sandbox
122 /usr/lib/chromium-browser/chromium-browser ix,122 /usr/lib/chromium-browser/chromium-browser ix,
123 /usr/lib/chromium-browser/chromium-browser-sandbox cx -> chromium_browser_sandbox,123 /usr/lib/chromium-browser/chromium-browser-sandbox cx -> chromium_browser_sandbox,
124 /usr/lib/chromium-browser/chrome-sandbox cx -> chromium_browser_sandbox,
124125
125 /bin/ps Uxr,126 /bin/ps Uxr,
126 /usr/lib/chromium-browser/xdg-settings Cxr -> xdgsettings,127 /usr/lib/chromium-browser/xdg-settings Cxr -> xdgsettings,
@@ -211,6 +212,7 @@
211 /usr/bin/chromium-browser r,212 /usr/bin/chromium-browser r,
212 /usr/lib/chromium-browser/chromium-browser Px,213 /usr/lib/chromium-browser/chromium-browser Px,
213 /usr/lib/chromium-browser/chromium-browser-sandbox r,214 /usr/lib/chromium-browser/chromium-browser-sandbox r,
215 /usr/lib/chromium-browser/chrome-sandbox r,
214216
215 /dev/null rw,217 /dev/null rw,
216218

Subscribers

People subscribed via source and target branches

to all changes: