guest session is not confined by apparmor
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
lightdm (Ubuntu) | Fix Released | High | Martin Pitt | |
Precise | Fix Released | High | Martin Pitt | |
Bug Description
When running a guest session, I noticed I could access the home directories of other users on the system.
aa-status showed the guest session process was not confined by apparmor.
25 profiles are in enforce mode
/usr/
/etc/apparmor.
However, the actual guest session wrapper script is shipped in /usr/lib/
After I changed /etc/apparmor.
81 processes are in enforce mode.
/usr/
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: lightdm 1.2.0-0ubuntu1
ProcVersionSign
Uname: Linux 3.2.0-22-generic x86_64
NonfreeKernelMo
ApportVersion: 2.0-0ubuntu4
Architecture: amd64
Date: Sat Apr 7 13:45:14 2012
EcryptfsInUse: Yes
ProcEnviron:
TERM=xterm
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: lightdm
UpgradeStatus: Upgraded to precise on 2012-02-18 (49 days ago)
mtime.conffile.
Changed in lightdm (Ubuntu): | |
importance: | Undecided → High |
Changed in lightdm (Ubuntu Precise): | |
milestone: | none → ubuntu-12.04 |
tags: | added: regression-release |
Changed in lightdm (Ubuntu Precise): | |
assignee: | nobody → Martin Pitt (pitti) |
status: | New → In Progress |
/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper sounds like a recent packaging error. When I wrote the policy the path definitively was /usr/lib/lightdm/lightdm-guest-session-wrapper. Robert, is that new path intended? It looks a bit exaggerated.
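The failure discussed in this report, a profile attached to a path where the binary no longer lives, can be caught with a packaging-time check. The following is an added example, not code from lightdm or from anyone in this thread: it extracts the attachment paths from AppArmor profile text and reports those that name no installed file. The sample profile body is constructed, the function names are hypothetical, and glob attachments are skipped as a simplifying assumption.

```python
import os
import re

# Top-level profile header: "/path {" or "profile [name] /path {",
# optionally with flags=(...). Indented rules and child profiles never match.
HEADER = re.compile(
    r'^(?:profile\s+(?:[^/\s]\S*\s+)?)?(/\S+)\s*(?:flags=\([^)]*\)\s*)?\{\s*$'
)

def attachment_paths(profile_text):
    """Return the executable paths the profiles in this text attach to."""
    paths = []
    for line in profile_text.splitlines():
        m = HEADER.match(line)
        if m:
            paths.append(m.group(1))
    return paths

def unattached(profile_text, exists=os.path.exists):
    """Return literal attachment paths for which exists(path) is false."""
    missing = []
    for path in attachment_paths(profile_text):
        if any(c in path for c in "*?[{"):
            continue  # assumption: glob attachments are out of scope here
        if not exists(path):
            missing.append(path)
    return missing

# Constructed sample: only the header path is taken from this report,
# the body is a placeholder and not the shipped profile.
SAMPLE_PROFILE = """\
# constructed sample
/usr/lib/lightdm/lightdm-guest-session-wrapper {
  # rules elided
}
"""

# Constructed file list: the wrapper at the path this report says it moved to.
SAMPLE_INSTALLED = {"/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper"}

if __name__ == "__main__":
    for path in unattached(SAMPLE_PROFILE, exists=SAMPLE_INSTALLED.__contains__):
        print("profile attaches to a path that is not installed:", path)
```

Run against the real files under /etc/apparmor.d with the default `exists`, a non-empty result means a profile will never be applied to the program it was written for.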