[Pkg-xfce-devel] Bug#747252: Bug#747252: lightdm: AppArmor parser error in /etc/apparmor.d/abstractions/lightdm_chromium-browser

[skunk at iSKUNK.ORG (Daniel Richard G.)]

On Tue, 2014 May  6 23:39+0200, Yves-Alexis Perez wrote:
> 
> Line 20 is:
> 
>   # Allow ptracing processes in the chromium child profile
>   ptrace peer=/usr/lib/lightdm/lightdm-guest-session//chromium,

Oh, okay, so it's different in sid. In jessie, it's "capability
sys_admin," which otherwise appears to be supported syntax.

> So I guess commenting the ptrace part should be fine?

I think so, if for no other reason that the profile is unused :)  It
does seem that Chromium needs ptrace permission for its own form of IPC---
the profile in jessie appears to cover this with "capability
sys_ptrace," which I'm guessing is coarser-grained than "ptrace
peer=...". So the worse that should happen is that Chromium doesn't
work, in a non-existent LightDM guest session on Debian...