Attached is a patch for trusty to address this issue as part of an SRU.
** Patch added: "profiles-adjust_X_for_lightdm-lp1339727.patch"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1339727/+attachment/4399558/+files/profiles-adjust_X_for_lightdm-lp1339727.patch
** Description changed:
+ [impact]
+
+ This issue prevents X applications from working properly when lightdm is
+ used as a display manager.
+
+ [steps to reproduce]
+
+ 1) run evince in a desktop session started from lightdm. If this bug has
+ not been addressed, apparmor denials will be seen on the
+ /run/lightdm/$USER/xauthority file in /var/log/syslog.
+
+ [regression potential]
+
+ The change in the patch for this bug is a slight loosening of
+ the apparmor policy for X applications. The risk of an introduced
+ regression is small.
+
+ [original description]
+
The default apparmor 'X' abstraction permits access to
/{,var/}run/lightdm/authority/[0-9]*, ostensibly for the xauthority
file. Except on Trusty, that's not where the xauthority file is. It is
instead in /run/lightdm/$USER, and named "xauthority". I have had to
udpated my apparmor configuration, lest apparmor convince Evince of
being a filthy script kiddie, out to corrupt my xauth file.
Please consider adding the following to the 'X' abstraction:
owner /{,var/}run/lightdm/*/xauthority r,
Relevant info:
apparmor:
- Installed: 2.8.95~2430-0ubuntu5
- Candidate: 2.8.95~2430-0ubuntu5
- Version table:
- *** 2.8.95~2430-0ubuntu5 0
- 500 http://mirrors.mit.edu/ubuntu/ trusty/main amd64 Packages
- 100 /var/lib/dpkg/status
+ Installed: 2.8.95~2430-0ubuntu5
+ Candidate: 2.8.95~2430-0ubuntu5
+ Version table:
+ *** 2.8.95~2430-0ubuntu5 0
+ 500 http://mirrors.mit.edu/ubuntu/ trusty/main amd64 Packages
+ 100 /var/lib/dpkg/status
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1339727
Title:
lightdm xauthority path is wrong
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1339727/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
