[Desktop-packages] [Bug 975901] Re: guest session is not confined by apparmor

Mon, 09 Apr 2012 05:42:32 -0700 

/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper sounds like a
recent packaging error. When I wrote the policy the path definitively
was /usr/lib/lightdm/lightdm-guest-session-wrapper. Robert, is that new
path intended? It looks a bit exaggerated.

** Also affects: lightdm (Ubuntu Precise)
   Importance: High
       Status: New

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/975901

Title:
  guest session is not confined by apparmor

Status in “lightdm” package in Ubuntu:
  New
Status in “lightdm” source package in Precise:
  New

Bug description:
  When running a guest session, I noticed I could access the home directories 
of other users on the system.
  aa-status showed the guest session process was not confined by apparmor.
  25 profiles are in enforce mode
     /usr/lib/lightdm/lightdm-guest-session-wrapper

  /etc/apparmor.d/lightdm-guest-session has 
"/usr/lib/lightdm/lightdm-guest-session-wrapper {"
  However, the actual guest session wrapper script is shipped in 
/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper.

  After I changed /etc/apparmor.d/lightdm-guest-session to point to the
  correct location of the wrapper, the guest session was correctly
  confined, as shown with aa-status, and access to other home
  directories was properly denied.

  81 processes are in enforce mode.
     /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper (5217)

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: lightdm 1.2.0-0ubuntu1
  ProcVersionSignature: Ubuntu 3.2.0-22.35-generic 3.2.14
  Uname: Linux 3.2.0-22-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.0-0ubuntu4
  Architecture: amd64
  Date: Sat Apr  7 13:45:14 2012
  EcryptfsInUse: Yes
  ProcEnviron:
   TERM=xterm
   PATH=(custom, user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: lightdm
  UpgradeStatus: Upgraded to precise on 2012-02-18 (49 days ago)
  mtime.conffile..etc.apparmor.d.lightdm.guest.session: 2012-04-07T12:42:00

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/975901/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to