diff options
| author | Martin Pitt <martin.pitt@ubuntu.com> | 2011-10-26 07:27:06 +0200 |
|---|---|---|
| committer | Martin Pitt <martin.pitt@ubuntu.com> | 2011-10-26 07:27:06 +0200 |
| commit | 06e6ff235c3811871975f8b9a04f59cd4a5d8dd2 (patch) | |
| tree | 3929ab4f3757a186a9db2a7dc6ee15160b1fb72d /data | |
| parent | 0927fd712e9ca29b9af470bbd6bd5d3699414950 (diff) | |
| download | lightdm-06e6ff235c3811871975f8b9a04f59cd4a5d8dd2.tar.gz | |
data/guest-session.apparmor: Disable "deny /etc/** w" until LP#697678 is fixed, to unbreak compiz; also allow fusermount for gvfs
Diffstat (limited to 'data')
| -rw-r--r-- | data/guest-session.apparmor | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/data/guest-session.apparmor b/data/guest-session.apparmor index a6ecd5f7..e652d34a 100644 --- a/data/guest-session.apparmor +++ b/data/guest-session.apparmor @@ -12,6 +12,7 @@ LIBEXECDIR/lightdm-guest-session-wrapper { / r, /bin/ rmix, + /bin/fusermount Px, /bin/** rmix, /cdrom/ rmix, /cdrom/** rmix, @@ -63,7 +64,7 @@ LIBEXECDIR/lightdm-guest-session-wrapper { # silence warnings for stuff that we really don't want to grant deny capability dac_override, deny capability dac_read_search, - deny /etc/** w, + #deny /etc/** w, # re-enable once LP#697678 is fixed deny /usr/** w, deny /var/crash/ w, } |