From 172bccc699fa71c7a7baa828186121c3061f49f5 Mon Sep 17 00:00:00 2001
From: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
Date: Thu, 8 Dec 2016 16:48:37 +0100
Subject: apparmor: update chromium profile

Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
---
 apparmor-profiles/usr.bin.chromium | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'apparmor-profiles')

diff --git a/apparmor-profiles/usr.bin.chromium b/apparmor-profiles/usr.bin.chromium
index 0f7d4d2..5eb53db 100644
--- a/apparmor-profiles/usr.bin.chromium
+++ b/apparmor-profiles/usr.bin.chromium
@@ -71,6 +71,7 @@
   # chromium mmaps all kinds of things for speed.
   /etc/passwd m,
   /usr/share/fonts/truetype/**/*.tt[cf] m,
+  /usr/share/fonts/opentype/**/*.tt[cf] m,
   /usr/share/fonts/**/*.pfb m,
   /usr/share/mime/mime.cache m,
   /usr/share/icons/**/*.cache m,
@@ -147,6 +148,10 @@
   /usr/bin/xdg-settings Cxr -> xdgsettings,
   /usr/bin/lsb_release Cxr -> lsb_release,
 
+  /usr/lib/chromium/icudtl.dat rm,
+  /usr/lib/chromium/natives_blob.bin rm,
+  /usr/lib/chromium/snaptshot_blob.bin rm,
+
   # GSettings
   owner /{,var/}run/user/*/dconf/     rw,
   owner /{,var/}run/user/*/dconf/user rw,
@@ -263,8 +268,8 @@ profile chromium_browser_sandbox flags=(attach_disconnected) {
 
     /usr/bin/chromium r,
     /usr/lib/chromium/chromium Px,
-    /usr/lib/chromium/chromium-sandbox r,
-    /usr/lib/chromium/chrome-sandbox r,
+    /usr/lib/chromium/chromium-sandbox mr,
+    /usr/lib/chromium/chrome-sandbox mr,
 
     /dev/null rw,
 
-- 
cgit v1.1