[Pkg-xfce-devel] Bug#780456: Guest session AppArmor profile doesn't work
Package: lightdm
Version: 1.10.3-3
Severity: normal
Tags: security patch
Hello,
The current AA profile in Jessie doesn't reference the correct exec, and some rules are missing.
Attached an updated profile and the correcponding patch.
I don't know if this would fit for Jessie, as:
- guest-sessions are not enabled by default,
- but, they should be secure by default
Regards
-- System Information:
Debian Release: 8.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages lightdm depends on:
ii adduser 3.113+nmu3
ii dbus 1.8.12-3
ii debconf [debconf-2.0] 1.5.55
ii libc6 2.19-13
ii libgcrypt20 1.6.2-4+b1
ii libglib2.0-0 2.42.1-1
ii libpam-systemd 215-11
ii libpam0g 1.1.8-3.1
ii libxcb1 1.10-3+b1
ii libxdmcp6 1:1.1.1-1+b1
ii lightdm-gtk-greeter [lightdm-greeter] 1.8.5-2
Versions of packages lightdm recommends:
ii xserver-xorg 1:7.7+7
Versions of packages lightdm suggests:
ii accountsservice 0.6.37-3+b1
ii upower 0.99.1-3.1
-- debconf information:
lightdm/daemon_name: /usr/sbin/lightdm
* shared/default-x-display-manager: lightdm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lightdm-guest-session
Type: text/x-c
Size: 1754 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-xfce-devel/attachments/20150314/2ed8330a/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lightdm-guest-session-apparmor.diff
Type: text/x-diff
Size: 818 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-xfce-devel/attachments/20150314/2ed8330a/attachment.diff>
Reply to: