diff options
| author | Tyler Hicks <tyhicks@canonical.com> | 2013-10-28 20:55:31 -0700 |
|---|---|---|
| committer | Tyler Hicks <tyhicks@canonical.com> | 2013-10-28 20:55:31 -0700 |
| commit | bc2e64bd529567904779335982b470a712beefa6 (patch) | |
| tree | 880661033e17c19834df57e03ff85f89965d3238 /data/apparmor | |
| parent | 847021854d049623a2465ea2ee7fc8f94babced2 (diff) | |
| download | lightdm-bc2e64bd529567904779335982b470a712beefa6.tar.gz | |
* Update the AppArmor lightdm abstraction to account for AppArmor
changes that landed in 13.10
- Allow full access to the system, session, and accessibility buses
- Allow trusted helpers, such as dbus-daemon, that are confined by a
lightdm session profile, to query AppArmor policy using the .access
file in apparmorfs
- Include the cups-client abstraction to grant access to the cups
socket file
Diffstat (limited to 'data/apparmor')
| -rw-r--r-- | data/apparmor/abstractions/lightdm | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/data/apparmor/abstractions/lightdm b/data/apparmor/abstractions/lightdm index bd60f90f..d94edc3e 100644 --- a/data/apparmor/abstractions/lightdm +++ b/data/apparmor/abstractions/lightdm @@ -8,6 +8,10 @@ # etc). Note that this profile intentionally omits chromium-browser. #include <abstractions/authentication> + #include <abstractions/cups-client> + #include <abstractions/dbus> + #include <abstractions/dbus-session> + #include <abstractions/dbus-accessibility> #include <abstractions/nameservice> #include <abstractions/wutmp> /etc/compizconfig/config rw, # bug in compiz https://launchpad.net/bugs/697678 @@ -47,6 +51,8 @@ /sbin/** rmixk, /sys/ r, /sys/** rm, + # needed for confined trusted helpers, such as dbus-daemon + /sys/kernel/security/apparmor/.access rw, /tmp/ rw, owner /tmp/** rwlkmix, /usr/ r, |