krathalan / apparmor-profiles

Krathalan's AppArmor profiles for Arch Linux
GNU General Public License v3.0
38 stars 8 forks source link

With Apparmor profile enabled for Chromium, ptrace protection with Yama is disabled #1

Closed h4xor666 closed 3 years ago

h4xor666 commented 3 years ago

With the Chromium apparmor profile provided, chrome://sandbox tells me that ptrace protection with yama LSM (broker and non-broker) are not on. Is this expected behavior? With the profile disabled, both of those options say they are enabled. I'm not super experienced with apparmor profiles yet, mind you, so I might have the wrong idea about it.

krathalan commented 3 years ago

Sorry for the delay; the issue seemed to be related only to Chromium seeing if it was actually sandboxed this way or not, not actually if the specific sandbox was working. In either case it should be fixed in commit 4f3cee6a3707221dff291a3204324ce5466557cd