I'm making this bug public now that we have security updates published
which disable the guest session. My hope is that we can re-enable it
after the changes suggested by pitti can be investigated/implemented.
** No longer affects: apparmor (Ubuntu Artful)
** No longer affects: apparmor (Ubuntu Zesty)
** No longer affects: apparmor (Ubuntu Yakkety)
** Changed in: apparmor (Ubuntu)
Status: New => Invalid
** Description changed:
Processes launched under a lightdm guest session are not confined by the
- /usr/lib/lightdm/lightdm-guest-session AppArmor profile in Ubuntu 16.10
- and Ubuntu Zesty. The processes are actually unconfined.
+ /usr/lib/lightdm/lightdm-guest-session AppArmor profile in Ubuntu 16.10,
+ Ubuntu 17.04, and Ubuntu Artful (current dev release). The processes are
+ unconfined.
The simple test case is to log into a guest session, launch a terminal
with ctrl-alt-t, and run the following command:
- $ cat /proc/self/attr/current
+ $ cat /proc/self/attr/current
Expected output, as seen in Ubuntu 16.04 LTS, is:
- /usr/lib/lightdm/lightdm-guest-session (enforce)
+ /usr/lib/lightdm/lightdm-guest-session (enforce)
Running the command inside of an Ubuntu 16.10 and newer guest session
results in:
- unconfined
+ unconfined
** Information type changed from Private Security to Public Security
--
https://bugs.launchpad.net/bugs/1663157
Title:
Guest session processes are not confined in 16.10 and newer releases
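The test case in the description reads a single process's label from /proc/self/attr/current. As an added example (not part of the bug report and not lightdm or AppArmor code), the script below applies the same check to every process owned by one UID, so a whole guest session can be audited from another shell. The function names and the PROC_ROOT parameter are assumptions made for illustration, and accepting "parent//child" labels goes beyond the single label shown in the report.

```shell
#!/bin/sh
# Added example: audit AppArmor confinement of all processes owned by one UID.
# Usage: audit_user_procs /proc "$(id -u GUEST_USER)"   (GUEST_USER = placeholder)

# Profile named in the bug report.
EXPECTED_PROFILE="/usr/lib/lightdm/lightdm-guest-session"

# classify_label LABEL
# LABEL is the content of /proc/<pid>/attr/current.
# Prints: enforce | complain | unconfined | other
# Child profiles of the expected profile ("parent//child") are accepted.
classify_label() {
    case "$1" in
        unconfined)
            echo unconfined ;;
        "$EXPECTED_PROFILE (enforce)" | "$EXPECTED_PROFILE//"*" (enforce)")
            echo enforce ;;
        "$EXPECTED_PROFILE (complain)" | "$EXPECTED_PROFILE//"*" (complain)")
            echo complain ;;
        *)
            echo other ;;
    esac
}

# audit_user_procs PROC_ROOT UID
# Prints "<pid> <verdict> <label>" for every process owned by UID that is not
# enforce-confined by the expected profile; returns 1 if any were found.
# Entries that cannot be read are skipped, so run it with enough privilege.
audit_user_procs() {
    proc_root=$1
    uid=$2
    bad=0
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/attr/current" ] || continue
        # The numeric owner of /proc/<pid> is normally the process's effective UID.
        owner=$(ls -dn "$dir" 2>/dev/null | awk '{print $3}')
        [ "$owner" = "$uid" ] || continue
        # A process may exit mid-scan; skip it if the read fails.
        label=$(cat "$dir/attr/current" 2>/dev/null) || continue
        verdict=$(classify_label "$label")
        [ "$verdict" = enforce ] && continue
        echo "${dir##*/} $verdict $label"
        bad=1
    done
    return "$bad"
}
```

A non-zero return with "unconfined" lines for the guest UID is the condition this bug describes.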