Re: [apparmor] [patch] allow reading /tmp/.X11-unix/* in abstractions/X
On Thu, Oct 13, 2016 at 10:06:22PM +0200, Christian Boltz wrote:
> Hello,
>
> $subject.
>
> This is needed when starting X with "-nolisten local".
>
>
> References: https://bugs.launchpad.net/apparmor/+bug/1589823
>
>
> I propose this patch for trunk, 2.10 and 2.9
Acked for all three.
Acked-by: Seth Arnold
Thanks
>
>
>
> [ abstractions-X.diff ]
>
> === modified file 'profiles/apparmor.d/abstractions/X'
> --- profiles/apparmor.d/abstractions/X 2015-07-24 20:01:46 +
> +++ profiles/apparmor.d/abstractions/X 2016-10-13 20:03:24 +
> @@ -23,7 +23,7 @@
>owner /{,var/}run/user/*/gdm/Xauthority r,
>
># the unix socket to use to connect to the display
> - /tmp/.X11-unix/* w,
> + /tmp/.X11-unix/* rw,
>unix (connect, receive, send)
> type=stream
> peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
>
signature.asc
Description: PGP signature
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
[apparmor] [patch] allow reading /tmp/.X11-unix/* in abstractions/X
Hello,
$subject.
This is needed when starting X with "-nolisten local".
References: https://bugs.launchpad.net/apparmor/+bug/1589823
I propose this patch for trunk, 2.10 and 2.9
[ abstractions-X.diff ]
=== modified file 'profiles/apparmor.d/abstractions/X'
--- profiles/apparmor.d/abstractions/X 2015-07-24 20:01:46 +
+++ profiles/apparmor.d/abstractions/X 2016-10-13 20:03:24 +
@@ -23,7 +23,7 @@
owner /{,var/}run/user/*/gdm/Xauthority r,
# the unix socket to use to connect to the display
- /tmp/.X11-unix/* w,
+ /tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Regards,
Christian Boltz
--
"Never surf faster, than your guardian penguin can fly!"
signature.asc
Description: This is a digitally signed message part.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
