Bug#747159: marked as done (Chromium browser profile not adapted to Debian packaging)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Tue, 28 Aug 2018 10:16:44 +0200
with message-id <fbf14c45814ccab6f265abe115f417e91e921899.camel@debian.org>
and subject line Re: [Pkg-xfce-devel] Bug#747159:  Processed: Re: Bug#742829
has caused the Debian Bug report #747159,
regarding Chromium browser profile not adapted to Debian packaging
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
747159: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747159
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian BTS <submit@bugs.debian.org>
• Subject: Chromium browser profile not adapted to Debian packaging
• From: "Daniel Richard G." <skunk@iSKUNK.ORG>
• Date: Thu, 27 Mar 2014 16:25:36 -0400
• Message-id: <1395951936.13027.99750365.3EAA2CEF@webmail.messagingengine.com>

Package: apparmor-profiles
Version: 2.7.103-4

The /etc/apparmor.d/usr.bin.chromium-browser profile appears to have
been taken verbatim from Ubuntu, and unfortunately is not usable with
Debian's packaging of the Chromium browser without a number of
modifications (starting with a file rename):

--- /etc/apparmor.d/usr.bin.chromium-browser	2014-03-27 16:16:54.000000000 -0400
+++ /etc/apparmor.d/usr.bin.chromium	2014-03-27 16:22:15.119117865 -0400
@@ -2,7 +2,7 @@
 #include <tunables/global>
 
 # We need 'flags=(attach_disconnected)' in newer chromium versions
-/usr/lib/chromium-browser/chromium-browser flags=(attach_disconnected) {
+/usr/lib/chromium/chromium flags=(attach_disconnected) {
   #include <abstractions/audio>
   #include <abstractions/base>
   #include <abstractions/cups-client>
@@ -63,11 +63,11 @@
   @{PROC}/sys/kernel/shmmax r,
   owner /{dev,run}/shm/{,.}org.chromium.* mrw,
 
-  /usr/lib/chromium-browser/*.pak mr,
-  /usr/lib/chromium-browser/locales/* mr,
+  /usr/lib/chromium/*.pak mr,
+  /usr/lib/chromium/locales/* mr,
 
   # Noisy
-  deny /usr/lib/chromium-browser/** w,
+  deny /usr/lib/chromium/** w,
 
   # Make browsing directories work
   / r,
@@ -108,16 +108,16 @@
   owner @{HOME}/.config/chromium/**/Dictionaries/*.bdic mr,
 
   # Allow transitions to ourself and our sandbox
-  /usr/lib/chromium-browser/chromium-browser ix,
-  /usr/lib/chromium-browser/chromium-browser-sandbox cx -> chromium_browser_sandbox,
+  /usr/lib/chromium/chromium ix,
+  /usr/lib/chromium/chrome-sandbox cx -> chromium_browser_sandbox,
 
   # TODO: child profile
   /bin/ps Uxr,
-  /usr/lib/chromium-browser/xdg-settings Ux,
+  /usr/lib/chromium/xdg-settings Ux,
   /usr/bin/xdg-settings Ux,
 
   # Site-specific additions and overrides. See local/README for details.
-  #include <local/usr.bin.chromium-browser>
+  #include <local/usr.bin.chromium>
 
 profile chromium_browser_sandbox {
     # Be fanatical since it is setuid root and don't use an abstraction
@@ -161,9 +161,9 @@
     @{PROC}/[0-9]*/oom_score_adj w,
     @{PROC}/[0-9]*/task/[0-9]*/stat r,
 
-    /usr/bin/chromium-browser r,
-    /usr/lib/chromium-browser/chromium-browser Px,
-    /usr/lib/chromium-browser/chromium-browser-sandbox r,
+    /usr/bin/chromium r,
+    /usr/lib/chromium/chromium Px,
+    /usr/lib/chromium/chrome-sandbox r,
 
     owner /tmp/** rw,
   }


Likewise, /etc/apparmor.d/local/usr.bin.chromium-browser should
be renamed.

--- End Message ---

--- Begin Message ---

• To: 747159-done@bugs.debian.org
• Subject: Re: [Pkg-xfce-devel] Bug#747159: Processed: Re: Bug#742829
• From: Yves-Alexis Perez <corsac@debian.org>
• Date: Tue, 28 Aug 2018 10:16:44 +0200
• Message-id: <fbf14c45814ccab6f265abe115f417e91e921899.camel@debian.org>
• In-reply-to: <1399410379.5965.5.camel@scapa>
• References: <1399349921.21987.6C2FAD1B@webmail.messagingengine.com> <handler.s.C.139934995810579.transcript@bugs.debian.org> <1399368735.26926.3.camel@scapa> <1399409347.2594.114397009.1FBE1DD6@webmail.messagingengine.com> <1399410379.5965.5.camel@scapa>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Version: 1.10.1-2

On Tue, 2014-05-06 at 23:06 +0200, Yves-Alexis Perez wrote:
> On mar., 2014-05-06 at 16:49 -0400, Daniel Richard G. wrote:
> > A patch would be fairly simple:
> > 
> > --- /etc/apparmor.d/abstractions/lightdm_chromium-browser.orig  2014-04-28 
> > 15:33:22.000000000 -0400
> > +++ /etc/apparmor.d/abstractions/lightdm_chromium-browser       2014-05-06 
> > 16:40:08.014693614 -0400
> > @@ -8,7 +8,7 @@
> >  # abstractions/lightdm, this abstraction must be separate from
> >  # abstractions/lightdm.
> >  
> > -  /usr/lib/chromium-browser/chromium-browser Cx -> chromium_browser,
> > +  /usr/lib/chromium/chromium Cx -> chromium_browser,
> >    profile chromium_browser {
> >      # Allow all the same accesses as other applications in the guest
> > session
> >      #include <abstractions/lightdm>
> > @@ -29,5 +29,5 @@
> >  
> >      /selinux/ r,
> >  
> > -    /usr/lib/chromium-browser/chromium-browser-sandbox ix,
> > +    /usr/lib/chromium/chrome-sandbox ix,
> >    }
> > 
> 
> Well, it seems that it wouldn't be enough, see #747252.
> 

This was actually fixed in 1.10.1-2 but I closed the wrong bug in the
changelog entry.

Regards,
- -- 
Yves-Alexis
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAluFBOwACgkQ3rYcyPpX
RFuRpQf8DzCcrQe0hvuBtGqmZsEC44EqvEKEgMoPMbUItxrOqVgtOVNsbyhKqaeU
/MleR4SgsYclUV6+Y12Oow1XMeFc9gidtIxtZBkZ3PT/eoB5YiUcf0DTnjpIM7Dz
WJPOQOET31V2EwsdR7sR7MRxGrP889r4imc/4FivgjNISYeJ/yPddxKvuuYKHYWZ
2A7PgkMGSdA3Hei5w1NAsT9zTTWzKuWZmt6jDjIDSvVx2AiBWN/iuUXVHAiDhepW
znmikLxhvPwgg7CED0gAgZQ1pI+s3M8mB7Jk3dGmSuPmZdyHmbhnCFZEYsRBgyYM
Xh+GCiFyYpOEpj14CKYZPk8D89jDpw==
=CZKM
-----END PGP SIGNATURE-----

--- End Message ---