Merge lp:~mterry/lightdm/guest-permissions into lp:lightdm

Proposed by Michael Terry
Status: Merged
Approved by: Robert Ancell
Approved revision: 2475
Merged at revision: 2475
Proposed branch: lp:~mterry/lightdm/guest-permissions
Merge into: lp:lightdm
Diff against target: 25 lines (+4/-0)
2 files modified
data/apparmor/abstractions/lightdm (+1/-0)
data/apparmor/lightdm-guest-session.in (+3/-0)
To merge this branch: bzr merge lp:~mterry/lightdm/guest-permissions
Reviewer: Robert Ancell
Review status: Approve
Review via email: mp+319731@code.launchpad.net

Commit message

Allow guest sessions to talk to Mir (allowing unity8)

Description of the change

I also threw ibus in there because I noticed it was denied in the systemd journal.

I noticed that we also don't show any installed snaps. This is because access to /run/snapd.socket is restricted. But after talking to Seth Arnold, sounds like we don't want to allow that just yet (snapd can't do the apparmor profile stacking that would be required).

Robert Ancell (robert-ancell) :
review: Approve

Preview Diff

=== modified file 'data/apparmor/abstractions/lightdm'
--- data/apparmor/abstractions/lightdm 2016-09-28 03:42:20 +0000
+++ data/apparmor/abstractions/lightdm 2017-03-13 18:36:25 +0000
@@ -77,6 +77,7 @@
77 /{,var/}run/ r,77 /{,var/}run/ r,
78 # necessary for writing to sockets, etc.78 # necessary for writing to sockets, etc.
79 /{,var/}run/** rmkix,79 /{,var/}run/** rmkix,
80 /{,var/}run/mir_socket rw,
80 /{,var/}run/screen/** wl,81 /{,var/}run/screen/** wl,
81 /{,var/}run/shm/** wl,82 /{,var/}run/shm/** wl,
82 /{,var/}run/uuidd/request w,83 /{,var/}run/uuidd/request w,
8384
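Review bot: The new `/{,var/}run/mir_socket rw,` rule is added to the shared abstraction (`data/apparmor/abstractions/lightdm`) without a comment, while the commit message scopes the change to guest sessions. Any profile that includes this abstraction gains write access to the Mir socket, so either move the rule into `lightdm-guest-session.in` or add a comment above it explaining why it belongs in the abstraction. Read access is already covered by the preceding `/{,var/}run/** rmkix,` rule, so `w` is the only permission this line actually adds.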
=== modified file 'data/apparmor/lightdm-guest-session.in'
--- data/apparmor/lightdm-guest-session.in 2016-06-04 08:14:23 +0000
+++ data/apparmor/lightdm-guest-session.in 2017-03-13 18:36:25 +0000
@@ -19,6 +19,9 @@
19 /usr/bin/sogou-sys-notify ix,19 /usr/bin/sogou-sys-notify ix,
20 /tmp/sogou-qimpanel:* rwl,20 /tmp/sogou-qimpanel:* rwl,
2121
22 # Allow ibus
23 unix (bind, listen) type=stream addr="@tmp/ibus/*",
24
22 # mozc_server needs special treatment due to C/S design25 # mozc_server needs special treatment due to C/S design
23 unix (bind, listen) type=stream addr="@tmp/.mozc.*",26 unix (bind, listen) type=stream addr="@tmp/.mozc.*",
24}27}
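Review bot: The `# Allow ibus` comment above the new `unix (bind, listen) type=stream addr="@tmp/ibus/*",` rule does not record why the guest session needs it, and the commit message mentions only Mir. Suggest expanding the comment to say that the rule addresses the ibus denial seen in the systemd journal, and naming ibus in the commit message, so that the extra bind/listen permission on abstract sockets can be traced and audited later.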
