summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWolfgang Wiedmeyer <wolfgit@wiedmeyer.de>2016-12-08 16:48:37 +0100
committerWolfgang Wiedmeyer <wolfgit@wiedmeyer.de>2016-12-08 16:48:37 +0100
commit172bccc699fa71c7a7baa828186121c3061f49f5 (patch)
tree21993f7403d912d5dd84f1436faad28f98a252e9
parentcd15ea9a108d8efed7ef7ef751e99d9c11a2d1c1 (diff)
downloadconfig-master.zip
config-master.tar.gz
config-master.tar.bz2
apparmor: update chromium profileHEADmaster
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
-rw-r--r--apparmor-profiles/usr.bin.chromium9
1 files changed, 7 insertions, 2 deletions
diff --git a/apparmor-profiles/usr.bin.chromium b/apparmor-profiles/usr.bin.chromium
index 0f7d4d2..5eb53db 100644
--- a/apparmor-profiles/usr.bin.chromium
+++ b/apparmor-profiles/usr.bin.chromium
@@ -71,6 +71,7 @@
# chromium mmaps all kinds of things for speed.
/etc/passwd m,
/usr/share/fonts/truetype/**/*.tt[cf] m,
+ /usr/share/fonts/opentype/**/*.tt[cf] m,
/usr/share/fonts/**/*.pfb m,
/usr/share/mime/mime.cache m,
/usr/share/icons/**/*.cache m,
@@ -147,6 +148,10 @@
/usr/bin/xdg-settings Cxr -> xdgsettings,
/usr/bin/lsb_release Cxr -> lsb_release,
+ /usr/lib/chromium/icudtl.dat rm,
+ /usr/lib/chromium/natives_blob.bin rm,
+ /usr/lib/chromium/snaptshot_blob.bin rm,
+
# GSettings
owner /{,var/}run/user/*/dconf/ rw,
owner /{,var/}run/user/*/dconf/user rw,
@@ -263,8 +268,8 @@ profile chromium_browser_sandbox flags=(attach_disconnected) {
/usr/bin/chromium r,
/usr/lib/chromium/chromium Px,
- /usr/lib/chromium/chromium-sandbox r,
- /usr/lib/chromium/chrome-sandbox r,
+ /usr/lib/chromium/chromium-sandbox mr,
+ /usr/lib/chromium/chrome-sandbox mr,
/dev/null rw,