Comment 41 for bug 1273524

Gunnar Hjalmarsson (gunnarhj) wrote :

I made a couple of observations which may or may not be useful.

When starting a guest session in Lubuntu, these lines show up in lightdm.log:

[+36.45s] DEBUG: Seat seat0 changes active session to
[+36.45s] CRITICAL: session_get_login1_session_id: assertion 'session != NULL' failed

They are not present when starting a guest session in Ubuntu. Please see attachment for context.

The "Seat seat0 changes active session to " message is written by login1_active_session_changed_cb() in src/lightdm.c. Apparently the session ID isn't passed correctly to that function.

Another thing I noticed is that the "no session for pid ..." message does not appear if I make this change:

--- /etc/apparmor.d/abstractions/lightdm.orig
+++ /etc/apparmor.d/abstractions/lightdm
@@ -54,7 +54,7 @@
   @{PROC}/ati rm,
   @{PROC}/ati/** rm,
   @{PROC}/sys/vm/overcommit_memory r,
- owner @{PROC}/** rm,
+ @{PROC}/** rm,
   # needed for gnome-keyring-daemon
   @{PROC}/*/status r,
   # needed for bamfdaemon and utilities such as ps and killall

But that would give the guest user access to everything in the /proc directory, also processes which are owned by other users. Probably not a good idea from a security POV.