[ubuntu-hardened] AppArmor profile for lightdm-guest-session.

Marc Deslauriers marc.deslauriers at canonical.com
Tue Jul 16 14:12:03 UTC 2013


On 13-07-16 10:04 AM, Daniel Curtis wrote:
> Hi
> 
> Could somebody explain to me why lightdm-guest-session
> changed? Some time ago, I checked this profile and there were
> more entries. Now it looks like this:
> 
> # vim:syntax=apparmor
> # Profile for restricting lightdm guest session
> 
> #include <tunables/global>
> 
> /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper {
>   # Most applications are confined via the main abstraction
>   #include <abstractions/lightdm>
> 
>   # chromium-browser needs special confinement due to its sandboxing
>   #include <abstractions/lightdm_chromium-browser>
> }

The original contents of that file got moved to the abstractions/lightdm file
that is included there so it can be reused. Take a look at that file's contents;
it's pretty much identical to what it was before.

> 
> The apparmor_status command shows that there are two profiles in
> enforced mode, which are related to lightdm:
> 
> /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper
> /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper//chromium_browser

That looks normal to me. What were you expecting to be different?

> 
> Why did it happen? I may be wrong, but I remember that this
> profile was full of policy, restrictions etc. One more thing: I'm
> not using a Chromium browser. Could somebody help me with this
> issue? Explain it to me and paste a correct profile? What should I
> do?

There is no issue. The contents simply got moved to an abstraction.

What exactly do you need help with?

Marc.
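
The move into an abstraction described in this reply can be checked mechanically. The following is an added example, not part of the original message or of AppArmor's own code: it expands `#include <...>` lines relative to a policy directory and compares the effective rules of a monolithic profile with those of the abstraction-based one. The rules and the temporary directory layout are constructed for illustration, and only the angle-bracket include form is handled.

```python
import re
import tempfile
from pathlib import Path

# "#include <x>" is the form used in the quoted profile; it may also be written without the "#".
INCLUDE_RE = re.compile(r"^\s*#?include\s+<([^>]+)>\s*$")

def expand_includes(path, base_dir, _stack=()):
    """Return the lines of `path` with each <...> include replaced by the target's lines."""
    path, base_dir = Path(path), Path(base_dir)
    if path in _stack:
        raise ValueError(f"include cycle via {path}")
    out = []
    for line in path.read_text().splitlines():
        m = INCLUDE_RE.match(line)
        if not m:
            out.append(line)
            continue
        target = base_dir / m.group(1)
        # An include may name a directory; every file in it is then included.
        files = sorted(p for p in target.iterdir() if p.is_file()) if target.is_dir() else [target]
        for f in files:
            out.extend(expand_includes(f, base_dir, _stack + (path,)))
    return out

def effective_rules(path, base_dir):
    """Set of rule lines left after expansion, ignoring comments and blank lines."""
    lines = (l.strip() for l in expand_includes(path, base_dir))
    return {l for l in lines if l and not l.startswith("#")}

def demo():
    """Build a constructed before/after policy tree and return both effective rule sets."""
    base = Path(tempfile.mkdtemp())
    (base / "abstractions").mkdir()
    wrapper = "/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper"
    # Constructed sample rules, not the real contents of abstractions/lightdm.
    body = "  /usr/bin/** rmix,\n  owner /tmp/** rw,\n  deny /etc/shadow r,\n"
    (base / "old-profile").write_text(f"{wrapper} {{\n{body}}}\n")
    (base / "abstractions" / "lightdm").write_text("  # shared guest rules\n" + body)
    (base / "new-profile").write_text(
        f"{wrapper} {{\n  # Most applications are confined via the main abstraction\n"
        "  #include <abstractions/lightdm>\n}\n")
    return effective_rules(base / "old-profile", base), effective_rules(base / "new-profile", base)

if __name__ == "__main__":
    old, new = demo()
    print("identical" if old == new else f"differs: {sorted(old ^ new)}")
```

On an installed system the policy directory to pass as `base_dir` is normally /etc/apparmor.d, and `apparmor_parser -p` prints a profile with its includes flattened.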




