I made a couple of observations which may or may not be useful.
When starting a guest session in Lubuntu, these lines show up in lightdm.log:
[+36.45s] DEBUG: Seat seat0 changes active session to
[+36.45s] CRITICAL: session_get_login1_session_id: assertion 'session != NULL' failed
They are not present when starting a guest session in Ubuntu. Please see attachment for context.
The "Seat seat0 changes active session to " message is written by login1_active_session_changed_cb() in src/lightdm.c. Apparently the session ID isn't passed correctly to that function.
Another thing I noticed is that the "no session for pid ..." message does not appear if I make this change:
--- /etc/apparmor.d/abstractions/lightdm.orig
+++ /etc/apparmor.d/abstractions/lightdm
@@ -54,7 +54,7 @@
@{PROC}/ati rm,
@{PROC}/ati/** rm,
@{PROC}/sys/vm/overcommit_memory r,
- owner @{PROC}/** rm,
+ @{PROC}/** rm,
# needed for gnome-keyring-daemon
@{PROC}/*/status r,
# needed for bamfdaemon and utilities such as ps and killall
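Review bot: removing `owner` from the `@{PROC}/** rm,` line widens the rule from the confined user's own /proc entries to every entry under /proc, with both read and mmap (`rm`) permission. If a specific /proc file is what the session lookup needs, add a narrow read-only rule for just that path, in the style of the existing `@{PROC}/*/status r,` line, and keep `owner` on the wildcard rule. The AppArmor denial logged for the guest session should show which path and permission are actually being requested.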
But that would give the guest user access to everything in the /proc directory, also processes which are owned by other users. Probably not a good idea from a security POV.
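A small check for the concern raised in the comment above, as an added example that is not part of the original comment or of the lightdm project: it lists AppArmor file rules under `@{PROC}` that match per-process directories without the `owner` qualifier. It assumes path-first rule syntax (`[qualifiers] path perms,`); the sample profile text is constructed from the hunk plus two illustrative lines.

```python
import re

# Constructed sample: the hunk's region after the proposed change, plus two
# illustrative rules (owner/deny) that are not from the page.
SAMPLE = """\
  @{PROC}/ati rm,
  @{PROC}/ati/** rm,
  @{PROC}/sys/vm/overcommit_memory r,
  @{PROC}/** rm,
  # needed for gnome-keyring-daemon
  @{PROC}/*/status r,
  owner @{PROC}/*/cmdline r,
  deny @{PROC}/*/mem rw,
"""

# Assumption: rules are written path-first, e.g. "owner @{PROC}/** rm,".
RULE = re.compile(
    r"""^\s*(?P<quals>(?:(?:audit|allow|deny|owner)\s+)*)
        (?P<path>@\{PROC\}/\S*)\s+(?P<perms>[a-zA-Z]+)\s*,""",
    re.X,
)


def pid_component_is_wild(path):
    """True if the first component under /proc can match any PID directory."""
    first = path[len("@{PROC}/"):].split("/", 1)[0]
    return any(c in first for c in "*?[{")


def unowned_proc_rules(text):
    """Return (line_no, path, perms) for allow rules that reach other users' /proc/<pid>."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = RULE.match(line)
        if not m:
            continue  # comments, blank lines, non-/proc rules
        quals = m.group("quals").split()
        if "owner" in quals or "deny" in quals:
            continue  # restricted to the user's own processes, or a denial
        if pid_component_is_wild(m.group("path")):
            findings.append((no, m.group("path"), m.group("perms")))
    return findings


if __name__ == "__main__":
    for no, path, perms in unowned_proc_rules(SAMPLE):
        print(f"line {no}: {path} {perms} is not limited to owner")
```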