[Desktop-packages] [Bug 975901] Re: guest session is not confined by apparmor
I fixed this upstream: http://bazaar.launchpad.net/~lightdm- team/lightdm/trunk/revision/1487 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/975901 Title: guest session is not confined by apparmor Status in “lightdm” package in Ubuntu: In Progress Status in “lightdm” source package in Precise: In Progress Bug description: When running a guest session, I noticed I could access the home directories of other users on the system. aa-status showed the guest session process was not confined by apparmor. 25 profiles are in enforce mode /usr/lib/lightdm/lightdm-guest-session-wrapper /etc/apparmor.d/lightdm-guest-session has /usr/lib/lightdm/lightdm-guest-session-wrapper { However, the actual guest session wrapper script is shipped in /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper. After I changed /etc/apparmor.d/lightdm-guest-session to point to the correct location of the wrapper, the guest session was correctly confined, as shown with aa-status, and access to other home directories was properly denied. 81 processes are in enforce mode. /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper (5217) ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: lightdm 1.2.0-0ubuntu1 ProcVersionSignature: Ubuntu 3.2.0-22.35-generic 3.2.14 Uname: Linux 3.2.0-22-generic x86_64 NonfreeKernelModules: nvidia ApportVersion: 2.0-0ubuntu4 Architecture: amd64 Date: Sat Apr 7 13:45:14 2012 EcryptfsInUse: Yes ProcEnviron: TERM=xterm PATH=(custom, user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: lightdm UpgradeStatus: Upgraded to precise on 2012-02-18 (49 days ago) mtime.conffile..etc.apparmor.d.lightdm.guest.session: 2012-04-07T12:42:00 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/975901/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 975901] Re: guest session is not confined by apparmor
** Branch linked: lp:~ubuntu-desktop/lightdm/ubuntu -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/975901 Title: guest session is not confined by apparmor Status in “lightdm” package in Ubuntu: In Progress Status in “lightdm” source package in Precise: In Progress Bug description: When running a guest session, I noticed I could access the home directories of other users on the system. aa-status showed the guest session process was not confined by apparmor. 25 profiles are in enforce mode /usr/lib/lightdm/lightdm-guest-session-wrapper /etc/apparmor.d/lightdm-guest-session has /usr/lib/lightdm/lightdm-guest-session-wrapper { However, the actual guest session wrapper script is shipped in /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper. After I changed /etc/apparmor.d/lightdm-guest-session to point to the correct location of the wrapper, the guest session was correctly confined, as shown with aa-status, and access to other home directories was properly denied. 81 processes are in enforce mode. /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper (5217) ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: lightdm 1.2.0-0ubuntu1 ProcVersionSignature: Ubuntu 3.2.0-22.35-generic 3.2.14 Uname: Linux 3.2.0-22-generic x86_64 NonfreeKernelModules: nvidia ApportVersion: 2.0-0ubuntu4 Architecture: amd64 Date: Sat Apr 7 13:45:14 2012 EcryptfsInUse: Yes ProcEnviron: TERM=xterm PATH=(custom, user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: lightdm UpgradeStatus: Upgraded to precise on 2012-02-18 (49 days ago) mtime.conffile..etc.apparmor.d.lightdm.guest.session: 2012-04-07T12:42:00 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/975901/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 975901] Re: guest session is not confined by apparmor
This bug was fixed in the package lightdm - 1.2.0-0ubuntu2 --- lightdm (1.2.0-0ubuntu2) precise; urgency=low * Fix wrapper path in AppArmor profile. This got broken in 1.1.1. Patch also committed upstream, and cherry-picked (r1487) (LP: #975901) -- Martin Pitt martin.p...@ubuntu.com Tue, 10 Apr 2012 11:06:03 +0200 ** Changed in: lightdm (Ubuntu Precise) Status: In Progress = Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/975901 Title: guest session is not confined by apparmor Status in “lightdm” package in Ubuntu: Fix Released Status in “lightdm” source package in Precise: Fix Released Bug description: When running a guest session, I noticed I could access the home directories of other users on the system. aa-status showed the guest session process was not confined by apparmor. 25 profiles are in enforce mode /usr/lib/lightdm/lightdm-guest-session-wrapper /etc/apparmor.d/lightdm-guest-session has /usr/lib/lightdm/lightdm-guest-session-wrapper { However, the actual guest session wrapper script is shipped in /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper. After I changed /etc/apparmor.d/lightdm-guest-session to point to the correct location of the wrapper, the guest session was correctly confined, as shown with aa-status, and access to other home directories was properly denied. 81 processes are in enforce mode. /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper (5217) ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: lightdm 1.2.0-0ubuntu1 ProcVersionSignature: Ubuntu 3.2.0-22.35-generic 3.2.14 Uname: Linux 3.2.0-22-generic x86_64 NonfreeKernelModules: nvidia ApportVersion: 2.0-0ubuntu4 Architecture: amd64 Date: Sat Apr 7 13:45:14 2012 EcryptfsInUse: Yes ProcEnviron: TERM=xterm PATH=(custom, user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: lightdm UpgradeStatus: Upgraded to precise on 2012-02-18 (49 days ago) mtime.conffile..etc.apparmor.d.lightdm.guest.session: 2012-04-07T12:42:00 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/975901/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 975901] Re: guest session is not confined by apparmor
** Changed in: lightdm (Ubuntu) Importance: Undecided = High -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/975901 Title: guest session is not confined by apparmor Status in “lightdm” package in Ubuntu: New Bug description: When running a guest session, I noticed I could access the home directories of other users on the system. aa-status showed the guest session process was not confined by apparmor. 25 profiles are in enforce mode /usr/lib/lightdm/lightdm-guest-session-wrapper /etc/apparmor.d/lightdm-guest-session has /usr/lib/lightdm/lightdm-guest-session-wrapper { However, the actual guest session wrapper script is shipped in /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper. After I changed /etc/apparmor.d/lightdm-guest-session to point to the correct location of the wrapper, the guest session was correctly confined, as shown with aa-status, and access to other home directories was properly denied. 81 processes are in enforce mode. /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper (5217) ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: lightdm 1.2.0-0ubuntu1 ProcVersionSignature: Ubuntu 3.2.0-22.35-generic 3.2.14 Uname: Linux 3.2.0-22-generic x86_64 NonfreeKernelModules: nvidia ApportVersion: 2.0-0ubuntu4 Architecture: amd64 Date: Sat Apr 7 13:45:14 2012 EcryptfsInUse: Yes ProcEnviron: TERM=xterm PATH=(custom, user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: lightdm UpgradeStatus: Upgraded to precise on 2012-02-18 (49 days ago) mtime.conffile..etc.apparmor.d.lightdm.guest.session: 2012-04-07T12:42:00 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/975901/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 975901] Re: guest session is not confined by apparmor
/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper sounds like a recent packaging error. When I wrote the policy the path definitively was /usr/lib/lightdm/lightdm-guest-session-wrapper. Robert, is that new path intended? It looks a bit exaggerated. ** Also affects: lightdm (Ubuntu Precise) Importance: High Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/975901 Title: guest session is not confined by apparmor Status in “lightdm” package in Ubuntu: New Status in “lightdm” source package in Precise: New Bug description: When running a guest session, I noticed I could access the home directories of other users on the system. aa-status showed the guest session process was not confined by apparmor. 25 profiles are in enforce mode /usr/lib/lightdm/lightdm-guest-session-wrapper /etc/apparmor.d/lightdm-guest-session has /usr/lib/lightdm/lightdm-guest-session-wrapper { However, the actual guest session wrapper script is shipped in /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper. After I changed /etc/apparmor.d/lightdm-guest-session to point to the correct location of the wrapper, the guest session was correctly confined, as shown with aa-status, and access to other home directories was properly denied. 81 processes are in enforce mode. /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper (5217) ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: lightdm 1.2.0-0ubuntu1 ProcVersionSignature: Ubuntu 3.2.0-22.35-generic 3.2.14 Uname: Linux 3.2.0-22-generic x86_64 NonfreeKernelModules: nvidia ApportVersion: 2.0-0ubuntu4 Architecture: amd64 Date: Sat Apr 7 13:45:14 2012 EcryptfsInUse: Yes ProcEnviron: TERM=xterm PATH=(custom, user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: lightdm UpgradeStatus: Upgraded to precise on 2012-02-18 (49 days ago) mtime.conffile..etc.apparmor.d.lightdm.guest.session: 2012-04-07T12:42:00 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/975901/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 975901] Re: guest session is not confined by apparmor
** Changed in: lightdm (Ubuntu Precise) Milestone: None = ubuntu-12.04 ** Tags added: regression-release -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/975901 Title: guest session is not confined by apparmor Status in “lightdm” package in Ubuntu: New Status in “lightdm” source package in Precise: New Bug description: When running a guest session, I noticed I could access the home directories of other users on the system. aa-status showed the guest session process was not confined by apparmor. 25 profiles are in enforce mode /usr/lib/lightdm/lightdm-guest-session-wrapper /etc/apparmor.d/lightdm-guest-session has /usr/lib/lightdm/lightdm-guest-session-wrapper { However, the actual guest session wrapper script is shipped in /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper. After I changed /etc/apparmor.d/lightdm-guest-session to point to the correct location of the wrapper, the guest session was correctly confined, as shown with aa-status, and access to other home directories was properly denied. 81 processes are in enforce mode. /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper (5217) ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: lightdm 1.2.0-0ubuntu1 ProcVersionSignature: Ubuntu 3.2.0-22.35-generic 3.2.14 Uname: Linux 3.2.0-22-generic x86_64 NonfreeKernelModules: nvidia ApportVersion: 2.0-0ubuntu4 Architecture: amd64 Date: Sat Apr 7 13:45:14 2012 EcryptfsInUse: Yes ProcEnviron: TERM=xterm PATH=(custom, user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: lightdm UpgradeStatus: Upgraded to precise on 2012-02-18 (49 days ago) mtime.conffile..etc.apparmor.d.lightdm.guest.session: 2012-04-07T12:42:00 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/975901/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 975901] Re: guest session is not confined by apparmor
** Changed in: lightdm (Ubuntu Precise) Assignee: (unassigned) = Martin Pitt (pitti) ** Changed in: lightdm (Ubuntu Precise) Status: New = In Progress -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/975901 Title: guest session is not confined by apparmor Status in “lightdm” package in Ubuntu: In Progress Status in “lightdm” source package in Precise: In Progress Bug description: When running a guest session, I noticed I could access the home directories of other users on the system. aa-status showed the guest session process was not confined by apparmor. 25 profiles are in enforce mode /usr/lib/lightdm/lightdm-guest-session-wrapper /etc/apparmor.d/lightdm-guest-session has /usr/lib/lightdm/lightdm-guest-session-wrapper { However, the actual guest session wrapper script is shipped in /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper. After I changed /etc/apparmor.d/lightdm-guest-session to point to the correct location of the wrapper, the guest session was correctly confined, as shown with aa-status, and access to other home directories was properly denied. 81 processes are in enforce mode. /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper (5217) ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: lightdm 1.2.0-0ubuntu1 ProcVersionSignature: Ubuntu 3.2.0-22.35-generic 3.2.14 Uname: Linux 3.2.0-22-generic x86_64 NonfreeKernelModules: nvidia ApportVersion: 2.0-0ubuntu4 Architecture: amd64 Date: Sat Apr 7 13:45:14 2012 EcryptfsInUse: Yes ProcEnviron: TERM=xterm PATH=(custom, user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: lightdm UpgradeStatus: Upgraded to precise on 2012-02-18 (49 days ago) mtime.conffile..etc.apparmor.d.lightdm.guest.session: 2012-04-07T12:42:00 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/975901/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 975901] Re: guest session is not confined by apparmor
** Visibility changed to: Public -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/975901 Title: guest session is not confined by apparmor Status in “lightdm” package in Ubuntu: New Bug description: When running a guest session, I noticed I could access the home directories of other users on the system. aa-status showed the guest session process was not confined by apparmor. 25 profiles are in enforce mode /usr/lib/lightdm/lightdm-guest-session-wrapper /etc/apparmor.d/lightdm-guest-session has /usr/lib/lightdm/lightdm-guest-session-wrapper { However, the actual guest session wrapper script is shipped in /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper. After I changed /etc/apparmor.d/lightdm-guest-session to point to the correct location of the wrapper, the guest session was correctly confined, as shown with aa-status, and access to other home directories was properly denied. 81 processes are in enforce mode. /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper (5217) ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: lightdm 1.2.0-0ubuntu1 ProcVersionSignature: Ubuntu 3.2.0-22.35-generic 3.2.14 Uname: Linux 3.2.0-22-generic x86_64 NonfreeKernelModules: nvidia ApportVersion: 2.0-0ubuntu4 Architecture: amd64 Date: Sat Apr 7 13:45:14 2012 EcryptfsInUse: Yes ProcEnviron: TERM=xterm PATH=(custom, user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: lightdm UpgradeStatus: Upgraded to precise on 2012-02-18 (49 days ago) mtime.conffile..etc.apparmor.d.lightdm.guest.session: 2012-04-07T12:42:00 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/975901/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp