Public bug reported:
This is a continuation of LP: #1663157 where as a workaround for the
guest session not being confined the session got disabled. This bug
tracks the fix for proper confinement.
Original bug report text:
Processes launched under a lightdm guest session are not confined by the
/usr/lib/lightdm/lightdm-guest-session AppArmor profile in Ubuntu 16.10, Ubuntu
17.04, and Ubuntu Artful (current dev release). The processes are unconfined.
The simple test case is to log into a guest session, launch a terminal
with ctrl-alt-t, and run the following command:
$ cat /proc/self/attr/current
Expected output, as seen in Ubuntu 16.04 LTS, is:
/usr/lib/lightdm/lightdm-guest-session (enforce)
Running the command inside of an Ubuntu 16.10 and newer guest session
results in:
unconfined
** Affects: lightdm (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1742912
Title:
Please confine guest sessions again
Status in lightdm package in Ubuntu:
New
Bug description:
This is a continuation of LP: #1663157 where as a workaround for the
guest session not being confined the session got disabled. This bug
tracks the fix for proper confinement.
Original bug report text:
Processes launched under a lightdm guest session are not confined by the
/usr/lib/lightdm/lightdm-guest-session AppArmor profile in Ubuntu 16.10, Ubuntu
17.04, and Ubuntu Artful (current dev release). The processes are unconfined.
The simple test case is to log into a guest session, launch a terminal
with ctrl-alt-t, and run the following command:
$ cat /proc/self/attr/current
Expected output, as seen in Ubuntu 16.04 LTS, is:
/usr/lib/lightdm/lightdm-guest-session (enforce)
Running the command inside of an Ubuntu 16.10 and newer guest session
results in:
unconfined
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1742912/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
