Please note that the simple test (cat /proc/self/attr/current) can be misleading.
I tried that in Ubuntu 18.04 (switched to lightdm) and got "(enforce)", but some applications like the file manager could browse other users' home directories. Most applications, including Firefox and LibreOffice, are restricted. In Xubuntu the file manager is restricted, as well as every other application I tried. Is it possible to just eliminate certain applications or prevent launching applications in specific ways to guarantee a restricted guest session?

--
https://bugs.launchpad.net/bugs/1742912

Title:
  Please confine guest sessions again

Status in lightdm package in Ubuntu:
  Confirmed

Bug description:
  This is a continuation of LP: #1663157 where, as a workaround for the
  guest session not being confined, the session got disabled. This bug
  tracks the fix for proper confinement.

  Original bug report text:

  Processes launched under a lightdm guest session are not confined by
  the /usr/lib/lightdm/lightdm-guest-session AppArmor profile in Ubuntu
  16.10, Ubuntu 17.04, and Ubuntu Artful (current dev release). The
  processes are unconfined.

  The simple test case is to log into a guest session, launch a terminal
  with ctrl-alt-t, and run the following command:

    $ cat /proc/self/attr/current

  Expected output, as seen in Ubuntu 16.04 LTS, is:

    /usr/lib/lightdm/lightdm-guest-session (enforce)

  Running the command inside of an Ubuntu 16.10 and newer guest session
  results in:

    unconfined
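
The test case above reports only the label of the process that runs it. The following is an added example, not part of the original message or of lightdm, that reads the same attr/current file for every process owned by one user and marks those not under the guest profile in enforce mode. The function names, the optional proc-root argument and the use of GNU stat are assumptions of the example.

```shell
#!/bin/sh
# Added example: per-process AppArmor label audit for one user's session.
# Assumes a Linux /proc layout and GNU stat; all function names are illustrative.

EXPECTED_PROFILE="/usr/lib/lightdm/lightdm-guest-session"

# label_of PROC_ROOT PID -> prints the label stored in attr/current,
# e.g. "<profile> (enforce)" or "unconfined"; "unreadable" if it cannot be read.
label_of() {
    cat "$1/$2/attr/current" 2>/dev/null || echo "unreadable"
}

# audit_user UID [PROC_ROOT] -> one line per process: STATUS PID LABEL COMM
# STATUS is OK for the expected profile (or one of its child profiles, which
# AppArmor names parent//child) in enforce mode, and CHECK for anything else.
audit_user() {
    uid=$1
    root=${2:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # The owner of /proc/<pid> is the user the process runs as.
        [ "$(stat -c %u "$dir" 2>/dev/null)" = "$uid" ] || continue
        pid=${dir##*/}
        label=$(label_of "$root" "$pid")
        comm=$(cat "$dir/comm" 2>/dev/null || echo "?")
        case $label in
            "$EXPECTED_PROFILE (enforce)" | "$EXPECTED_PROFILE//"*" (enforce)")
                status=OK ;;
            *)
                status=CHECK ;;
        esac
        printf '%s %s %s %s\n' "$status" "$pid" "$label" "$comm"
    done
}

# count_unexpected UID [PROC_ROOT] -> number of processes marked CHECK.
count_unexpected() {
    audit_user "$1" "${2:-/proc}" | grep -c '^CHECK ' || true
}

# Stand-alone use: sh audit.sh <uid-of-guest-user>
if [ "$#" -ge 1 ]; then audit_user "$@"; fi
```

Run it as root from a different login while the guest session is open, so that labels of all the guest's processes are readable.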

