From c2d7194575dcf4ebf6ca756ffb07252cf498b27c Mon Sep 17 00:00:00 2001
From: Robert Ancell <robert.ancell@canonical.com>
Date: Tue, 13 Oct 2015 11:40:35 +0100
Subject: Fix apparmor profiles for running Chromium in guest sessions

---
 data/apparmor/abstractions/lightdm_chromium-browser | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/data/apparmor/abstractions/lightdm_chromium-browser b/data/apparmor/abstractions/lightdm_chromium-browser
index fd9c94d3..45bed486 100644
--- a/data/apparmor/abstractions/lightdm_chromium-browser
+++ b/data/apparmor/abstractions/lightdm_chromium-browser
@@ -51,6 +51,10 @@
     @{PROC}/[0-9]*/fd/ r,              # sandbox wants these
     @{PROC}/[0-9]*/task/[0-9]*/stat r, # sandbox wants these
 
+    owner @{PROC}/@{pid}/setgroups w,
+    owner @{PROC}/@{pid}/uid_map w,
+    owner @{PROC}/@{pid}/gid_map w,
+
     /selinux/ r,
 
     /usr/lib/chromium-browser/chromium-browser-sandbox ix,
-- 
cgit v1.2.1