[apparmor] Update X abstraction for new gdm Xauthority file
Jamie Strandboge
jamie at canonical.com
Wed Aug 11 15:44:39 BST 2010
As reported in LP: #601583, newer gdm sets the XAUTHORITY file
in /var/run. E.g., in Ubuntu 10.10:

$ set | grep XAUTHORITY
XAUTHORITY=/var/run/gdm/auth-for-test-GsdBew/database

Indeed, there is no ~/.Xauthority file anymore:

$ ls ~/.Xauthority
ls: cannot access /home/test/.Xauthority: No such file or directory

The permissions for /var/run/gdm* are:

$ sudo ls -ld /var/run/gdm
drwx--x--x 4 root gdm 100 2010-08-11 08:11 /var/run/gdm
$ sudo ls -l /var/run/gdm
total 0
drwx--x--x 2 gdm gdm 60 2010-08-11 08:11 auth-for-gdm-HXjZLh
drwx--x--x 2 test test 60 2010-08-11 08:11 auth-for-test-GsdBew
-rw-r--r-- 1 root root 0 2010-08-11 07:33 firstserver.stamp
$ sudo ls -l /var/run/gdm/auth-for-test-GsdBew
total 4
-rw------- 1 test test 49 2010-08-11 08:11 database

As such, I propose the following change to the X abstraction:

=== modified file 'profiles/apparmor.d/abstractions/X'
--- profiles/apparmor.d/abstractions/X 2009-11-04 20:25:42 +0000
+++ profiles/apparmor.d/abstractions/X 2010-08-11 14:43:09 +0000
@@ -17,7 +17,8 @@
@{HOME}/.ICEauthority r,
# .Xauthority files required for X connections, per user
- @{HOME}/.Xauthority r,
+ @{HOME}/.Xauthority r,
+ owner /var/run/gdm/*/database r,
# the unix socket to use to connect to the display
/tmp/.X11-unix/* w,
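
Review bot: The directory component in `owner /var/run/gdm/*/database r,` is a bare `*`, which matches any subdirectory of /var/run/gdm, while the listing in the message shows only `auth-for-<user>-<random>` names; `/var/run/gdm/auth-for-*/database` would keep the rule to the directories gdm is shown creating. The `owner` qualifier fits the 0600 `database` file, but the rule deserves a short comment saying this is the newer gdm location (LP: #601583), since the existing comment only mentions .Xauthority. The `-`/`+` pair for `@{HOME}/.Xauthority r,` shows no visible difference, so if it is a whitespace-only realignment, say so in the commit message or drop it from the patch.
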
--
Jamie Strandboge | http://www.canonical.com