> Sure, makes sense. We are running the guest session in a locked down > wrapper that provides some amount of policy. AFAIK this is apparmor > only. Assuming that the lockdown of the guest session was done for > SELinux do we have to worry that they'd conflict?
SELinux and apparmor are mutually exclusive. While we don't directly support selinux in Ubuntu, it is available in the archive and users are free to enable it. The concern here is that by not hooking into selinux in the way services are expected to do, someone trying to use the freerdp session on an selinux-enabled system will get a rude surprise: the apparmor policy won't be applied because apparmor isn't used, and the selinux policy won't be applied because the selinux hooks aren't there, resulting in the session running completely unconfined. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1046371 Title: Missing selinux support To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm-remote-session-freerdp/+bug/1046371/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
