Chromium needs more access

Bug #1154164 reported by Simon Déziel
Affects: apparmor (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Jamie Strandboge
Milestone: none

Bug Description

When using the apparmor profile for Chromium I get the following logs:

Mar 11 21:08:30 simon-laptop kernel: [63629.304008] type=1400 audit(1363050510.703:147): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq" pid=28320 comm="chromium-browse" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:30 simon-laptop kernel: [63629.329904] type=1400 audit(1363050510.727:148): apparmor="ALLOWED" operation="open" parent=28324 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq" pid=28325 comm="chromium-browse" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:31 simon-laptop kernel: [63629.823702] type=1400 audit(1363050511.223:149): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/virtual/block/dm-10/uevent" pid=28342 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:31 simon-laptop kernel: [63629.823879] type=1400 audit(1363050511.223:150): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/virtual/block/dm-10/removable" pid=28342 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:31 simon-laptop kernel: [63629.823906] type=1400 audit(1363050511.223:151): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/virtual/block/dm-10/size" pid=28342 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:31 simon-laptop kernel: [63629.824069] type=1400 audit(1363050511.223:152): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/virtual/block/dm-1/uevent" pid=28342 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:31 simon-laptop kernel: [63629.824291] type=1400 audit(1363050511.223:153): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/virtual/block/dm-1/removable" pid=28342 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:31 simon-laptop kernel: [63629.824321] type=1400 audit(1363050511.223:154): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/virtual/block/dm-1/size" pid=28342 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:31 simon-laptop kernel: [63629.824435] type=1400 audit(1363050511.223:155): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/virtual/block/dm-0/uevent" pid=28342 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:31 simon-laptop kernel: [63629.824736] type=1400 audit(1363050511.223:156): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/virtual/block/dm-0/removable" pid=28342 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:36 simon-laptop kernel: [63634.907161] audit_printk_skb: 51 callbacks suppressed
Mar 11 21:08:36 simon-laptop kernel: [63634.907167] type=1400 audit(1363050516.319:174): apparmor="ALLOWED" operation="exec" parent=28401 profile="/usr/lib/chromium-browser/chromium-browser//xdgsettings" name="/usr/bin/gawk" pid=28405 comm="xdg-mime" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="/usr/lib/chromium-browser/chromium-browser//xdgsettings//null-60"

The attached patch extends the allowed rules to avoid those messages.

$ lsb_release -rd
Description: Ubuntu 12.04.2 LTS
Release: 12.04

$ apt-cache policy apparmor apparmor-profiles chromium-browser
apparmor:
  Installed: 2.7.102-0ubuntu3.8
  Candidate: 2.7.102-0ubuntu3.8
  Version table:
 *** 2.7.102-0ubuntu3.8 0
        500 http://archive.ubuntu.com/ubuntu/ precise-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     2.7.102-0ubuntu3.7 0
        500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
     2.7.102-0ubuntu3 0
        500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
apparmor-profiles:
  Installed: 2.7.102-0ubuntu3.8
  Candidate: 2.7.102-0ubuntu3.8
  Version table:
 *** 2.7.102-0ubuntu3.8 0
        500 http://archive.ubuntu.com/ubuntu/ precise-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     2.7.102-0ubuntu3.7 0
        500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
     2.7.102-0ubuntu3 0
        500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
chromium-browser:
  Installed: 25.0.1364.160-0ubuntu0.12.04.1
  Candidate: 25.0.1364.160-0ubuntu0.12.04.1
  Version table:
 *** 25.0.1364.160-0ubuntu0.12.04.1 0
        500 http://archive.ubuntu.com/ubuntu/ precise-updates/universe amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ precise-security/universe amd64 Packages
        100 /var/lib/dpkg/status
     18.0.1025.151~r130497-0ubuntu1 0
        500 http://archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages

Tags: patch
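As an added example (not part of the bug report or the apparmor package), the script below parses audit records like the ones above and proposes candidate profile rules grouped by profile, the way a profile author would triage complain-mode logs before editing the profile. The numeric-wildcard globbing and the choice of 'ix' for exec events are assumptions made here, not what aa-logprof or the uploaded patch does.

```python
import re
from collections import defaultdict

# Constructed sample: audit records copied from the bug report, plus the
# "callbacks suppressed" line, which is not an AppArmor record and must be skipped.
SAMPLE_LOG = """\
Mar 11 21:08:30 simon-laptop kernel: [63629.304008] type=1400 audit(1363050510.703:147): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq" pid=28320 comm="chromium-browse" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:31 simon-laptop kernel: [63629.823702] type=1400 audit(1363050511.223:149): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/virtual/block/dm-10/uevent" pid=28342 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:31 simon-laptop kernel: [63629.824069] type=1400 audit(1363050511.223:152): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/virtual/block/dm-1/uevent" pid=28342 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 11 21:08:36 simon-laptop kernel: [63634.907161] audit_printk_skb: 51 callbacks suppressed
Mar 11 21:08:36 simon-laptop kernel: [63634.907167] type=1400 audit(1363050516.319:174): apparmor="ALLOWED" operation="exec" parent=28401 profile="/usr/lib/chromium-browser/chromium-browser//xdgsettings" name="/usr/bin/gawk" pid=28405 comm="xdg-mime" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="/usr/lib/chromium-browser/chromium-browser//xdgsettings//null-60"
"""

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_record(line):
    """Return the key=value fields of one audit line, or None if it is not an AppArmor record."""
    if 'apparmor=' not in line:
        return None
    return {k: (q or u) for k, q, u in FIELD_RE.findall(line)}

def generalise(path):
    """Naive globbing (an assumption, not aa-logprof's logic): numeric suffixes such as
    cpu0 or dm-10 become cpu* / dm-*, so one rule covers every CPU or device-mapper node."""
    return re.sub(r'\d+', '*', path)

def suggest_rules(log_text):
    """Map each profile name to a sorted list of candidate rules that would silence
    the ALLOWED/DENIED events; denied_mask is what enforce mode would have blocked."""
    masks = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        rec = parse_record(line)
        if not rec or rec.get('apparmor') not in ('ALLOWED', 'DENIED'):
            continue
        profile, path = rec['profile'], generalise(rec['name'])
        if rec['operation'] == 'exec':
            # Transition mode (ix/Px/Cx) is a policy decision; 'ix' (inherit) is assumed here.
            masks[profile][path].add('ix')
        else:
            masks[profile][path].update(rec['denied_mask'])
    return {p: sorted(f'{path} {"".join(sorted(m))},' for path, m in paths.items())
            for p, paths in masks.items()}

if __name__ == '__main__':
    for profile, rules in suggest_rules(SAMPLE_LOG).items():
        print(f'# {profile}')
        for rule in rules:
            print(f'  {rule}')
```

Rules listed under a `//xdgsettings` profile belong in that child profile block, not the parent; the `//null-60` target in the exec record is the unconfined null profile AppArmor creates in complain mode when no exec rule matched.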
Simon Déziel (sdeziel) wrote :
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "usr.bin.chromium-browser.patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are a member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Jamie Strandboge (jdstrand) wrote :

Thanks for your patch. I adjusted it a bit and uploaded it just now (though it needs to be accepted first).

Changed in apparmor (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Medium
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.8.0-0ubuntu11

---------------
apparmor (2.8.0-0ubuntu11) raring; urgency=low

  * 0025-update-pulseaudio-paths.patch: update path for pulseaudio directory
    and cookie files
  * 0026-add-vm_overcommit_memory.patch: add read access to
    @{PROC}/sys/vm/overcommit_memory
  * update 0001-add-chromium-browser.patch:
    - additional accesses required by newer chromium-browser. Patch based on
      work by Simon Deziel (LP: #1154164)
    - don't include abstractions already included via gnome abstraction
    - allow access to dconf/gsettings, required now
 -- Jamie Strandboge <email address hidden> Mon, 08 Apr 2013 14:57:14 -0500

Changed in apparmor (Ubuntu):
status: Fix Committed → Fix Released