[Pkg-xfce-devel] [pkg-apparmor] Support for shipping AppArmor profiles in Debian (lightdm)
On jeu., 2015-03-12 at 15:15 +0100, intrigeri wrote:
> So, I've had a look at the lightdm 1.12.2-1 source package, and
> indeed, at least these parts of patches/02_fix-apparmor-profile.patch
> can now be dropped:
>
> - #include <abstractions/dbus-accessibility>
>
> [...]
>
> - signal peer=@{profile_name},
> - ptrace peer=@{profile_name},
> - # needed when logging out of the guest session
> - signal (receive) peer=unconfined,
> + # this doesn't work with the current Debian apparmor
> + #signal peer=@{profile_name},
> + #ptrace peer=@{profile_name},
> + ## needed when logging out of the guest session
> + #signal (receive) peer=unconfined,
Ok, done, will be part of the next upload to experimental.
>
> > I run lightdm and use apparmor and can test the profile shipped
> upstream
> > when i get home.
>
> If you're running sid, then you would be the ideal candidate to ensure
> any future lightdm breakage caused by its AppArmor profile turns on
> red lights in a timely manner, even if Yves-Alexis doesn't test the
> packages he uploads with AppArmor enabled :)
I did a quick try on sid (so with lightdm 1.10) but it seems that only
the guest profile is actually confined, and I'm not using it, so it's
hard to tell anyway :)
In any case (and wrt. your mail on d-d-a), I'll try to install AppArmor
and see what happens, although on a desktop box it seems that really not
much is actually confined.
Regards,
--
Yves-Alexis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-xfce-devel/attachments/20150313/3046b9b1/attachment.sig>
Reply to: