The following fix to the abstraction seems to fix the issue:
=== modified file 'data/apparmor/abstractions/lightdm' --- data/apparmor/abstractions/lightdm 2015-10-19 10:44:23 +0000 +++ data/apparmor/abstractions/lightdm 2016-09-28 03:39:54 +0000 @@ -95,7 +95,7 @@ unix (receive) peer=(label=unconfined), unix (create), unix (getattr, getopt, setopt, shutdown), - unix (bind, listen) type=stream addr="@/com/ubuntu/upstart-session/**", + unix (bind, listen, accept, receive, send) type=stream addr="@/com/ubuntu/upstart-session/**", unix (bind, listen) type=stream addr="@/tmp/dbus-*", unix (bind, listen) type=stream addr="@/tmp/.ICE-unix/[0-9]*", unix (bind, listen) type=stream addr="@/dbus-vfs-daemon/*",
I figure that something (Unity?) is now making more use of the upstart session. So we need to allow all operations on it.
I'm not an upstart expert but I figure this is safe to allow?
The following fix to the abstraction seems to fix the issue:
=== modified file 'data/apparmor/ abstractions/ lightdm' abstractions/ lightdm 2015-10-19 10:44:23 +0000 abstractions/ lightdm 2016-09-28 03:39:54 +0000 unconfined) , /com/ubuntu/ upstart- session/ **", /com/ubuntu/ upstart- session/ **", /tmp/dbus- *", /tmp/.ICE- unix/[0- 9]*", /dbus-vfs- daemon/ *",
--- data/apparmor/
+++ data/apparmor/
@@ -95,7 +95,7 @@
unix (receive) peer=(label=
unix (create),
unix (getattr, getopt, setopt, shutdown),
- unix (bind, listen) type=stream addr="@
+ unix (bind, listen, accept, receive, send) type=stream addr="@
unix (bind, listen) type=stream addr="@
unix (bind, listen) type=stream addr="@
unix (bind, listen) type=stream addr="@
I figure that something (Unity?) is now making more use of the upstart session. So we need to allow all operations on it.
I'm not an upstart expert but I figure this is safe to allow?