Fix apparmor profiles for running Chromium in guest sessions

author: Robert Ancell <robert.ancell@canonical.com> 2015-10-13 11:40:35 +0100
committer: Robert Ancell <robert.ancell@canonical.com> 2015-10-13 11:40:35 +0100
commit: c2d7194575dcf4ebf6ca756ffb07252cf498b27c (patch)
tree: 8538d082963e3132f0aa980343c727fd84c7acac
parent: 47c1b43cf7d1a1ba8438be883d57d2fbfb3d83f1 (diff)
download: lightdm-git-c2d7194575dcf4ebf6ca756ffb07252cf498b27c.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/data/apparmor/abstractions/lightdm_chromium-browser b/data/apparmor/abstractions/lightdm_chromium-browser
index fd9c94d3..45bed486 100644
--- a/data/apparmor/abstractions/lightdm_chromium-browser
+++ b/data/apparmor/abstractions/lightdm_chromium-browser
@@ -51,6 +51,10 @@
     @{PROC}/[0-9]*/fd/ r,              # sandbox wants these
     @{PROC}/[0-9]*/task/[0-9]*/stat r, # sandbox wants these
 
+    owner @{PROC}/@{pid}/setgroups w,
+    owner @{PROC}/@{pid}/uid_map w,
+    owner @{PROC}/@{pid}/gid_map w,
+
     /selinux/ r,
 
     /usr/lib/chromium-browser/chromium-browser-sandbox ix,
author	Robert Ancell <robert.ancell@canonical.com>	2015-10-13 11:40:35 +0100
committer	Robert Ancell <robert.ancell@canonical.com>	2015-10-13 11:40:35 +0100
commit	c2d7194575dcf4ebf6ca756ffb07252cf498b27c (patch)
tree	8538d082963e3132f0aa980343c727fd84c7acac
parent	47c1b43cf7d1a1ba8438be883d57d2fbfb3d83f1 (diff)
download	lightdm-git-c2d7194575dcf4ebf6ca756ffb07252cf498b27c.tar.gz