Merge lp:~pitti/lightdm/guest-session-lockdown into lp:lightdm

Proposed by Martin Pitt
Status: Merged
Merged at revision: 1242
Proposed branch: lp:~pitti/lightdm/guest-session-lockdown
Merge into: lp:lightdm
Diff against target: 168 lines (+108/-0)
6 files modified
NEWS (+4/-0)
data/Makefile.am (+9/-0)
data/guest-session.apparmor (+52/-0)
src/Makefile.am (+9/-0)
src/display.c (+9/-0)
src/lightdm-guest-session-wrapper.c (+25/-0)
To merge this branch: bzr merge lp:~pitti/lightdm/guest-session-lockdown
Reviewer Review Type Date Requested Status
LightDM Development Team Pending
Review via email: mp+77721@code.launchpad.net

Description of the change

When launching a guest session, run it through a wrapper which we can attach an
AppArmor profile to.


Preview Diff

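--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,10 @@
 * Start authentication when scrolling through GTK greeter entries
 * Link liblightdm-qt against QtGui
 * Fix liblightdm-qt crashing when face images are installed
+ * Introduce a lightdm-guest-session-wrapper session command which MAC
+ systems like AppArmor and SELinux can use for attaching a restrictive
+ policy to guest sessions.
+ * Provide an AppArmor profile for guest session lockdown.
 
 Overview of changes in lightdm 1.0.0
 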
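--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -6,6 +6,15 @@
 dbusconfdir = $(sysconfdir)/dbus-1/system.d
 dist_dbusconf_DATA = org.freedesktop.DisplayManager.conf
 
+EXTRA_DIST = guest-session.apparmor
+
+apparmor_profiledir = $(sysconfdir)/apparmor.d
+
+install-data-hook:
+ install -d $(DESTDIR)$(apparmor_profiledir)
+ sed 's!LIBEXECDIR!$(libexecdir)!g' < $(srcdir)/guest-session.apparmor \
+ > $(DESTDIR)$(apparmor_profiledir)/lightdm-guest-session
+
 dist_man1_MANS = lightdm.1
 
 DISTCLEANFILES = \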
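--- a/data/guest-session.apparmor
+++ b/data/guest-session.apparmor
@@ -0,0 +1,52 @@
+# vim:syntax=apparmor
+# Profile for restricting lightdm guest session
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+
+#include <tunables/global>
+
+LIBEXECDIR/lightdm-guest-session-wrapper {
+ #include <abstractions/authentication>
+ #include <abstractions/nameservice>
+ #include <abstractions/wutmp>
+ /etc/compizconfig/config rw, # bug in compiz https://launchpad.net/bugs/697678
+
+ / r,
+ /bin/ rmix,
+ /bin/** rmix,
+ /cdrom/ rmix,
+ /cdrom/** rmix,
+ /dev/ r,
+ /dev/** rmw, # audio devices etc.
+ owner /dev/shm/** rmw,
+ /etc/ r,
+ /etc/** rmk,
+ /etc/gdm/Xsession ix,
+ /lib/ r,
+ /lib/** rmixk,
+ /lib32/ r,
+ /lib32/** rmixk,
+ /media/ r,
+ /media/** rmwlixk, # we want access to USB sticks and the like
+ /opt/ r,
+ /opt/** rmixk,
+ @{PROC}/ r,
+ @{PROC}/* rm,
+ @{PROC}/asound rm,
+ @{PROC}/asound/** rm,
+ owner @{PROC}/** rm,
+ /sbin/ r,
+ /sbin/** rmixk,
+ /sys/ r,
+ /sys/** rm,
+ /tmp/ rw,
+ owner /tmp/** rwlkmix,
+ /usr/ r,
+ /usr/** rmixk,
+ /var/ r,
+ /var/** rmixk,
+ /var/guest-data/** rw, # allow to store files permanently
+ /var/tmp/ rw,
+ owner /var/tmp/** rwlkm,
+ /{,var/}run/ r,
+ /{,var/}run/** rmwkix, # necessary for writing to sockets, etc.
+}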
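Review bot: The rule `/dev/** rmw,` lets the guest session write to every device node that file permissions allow, although its comment only mentions audio devices; the same breadth shows in `/{,var/}run/** rmwkix,` and `/media/** rmwlixk,`, neither of which carries an `owner` qualifier. Consider replacing the `/dev/**` rule with `#include <abstractions/audio>` plus the specific device paths the session needs; which devices a desktop session really requires is not visible here and would need testing. A header comment stating what the profile is meant to keep the guest out of would also help reviewers, since the absence of any `/home` rule looks deliberate but is not stated anywhere.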
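--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -79,6 +79,7 @@
 lightdm_CFLAGS = \
 $(LIGHTDM_CFLAGS) \
 $(WARN_CFLAGS) \
+ -DLIBEXEC_DIR=\"$(libexecdir)\" \
 -DPKGLIBEXEC_DIR=\"$(pkglibexecdir)\" \
 -DSBIN_DIR=\"$(sbindir)\" \
 -DCONFIG_DIR=\"$(sysconfdir)/lightdm\" \
@@ -92,6 +93,14 @@
 $(LIGHTDM_LIBS) \
 -lpam
 
+libexec_PROGRAMS = lightdm-guest-session-wrapper
+
+lightdm_guest_session_wrapper_SOURCES = lightdm-guest-session-wrapper.c
+
+lightdm_guest_session_wrapper_CFLAGS = \
+ $(LIGHTDM_CFLAGS) \
+ $(WARN_CFLAGS)
+
 EXTRA_DIST = ldm-marshal.list \
 display-manager.xml
 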
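--- a/src/display.c
+++ b/src/display.c
@@ -433,6 +433,15 @@
 }
 }
 
+ /* for a guest session, run command through the wrapper covered by MAC */
+ if (display->priv->autologin_guest)
+ {
+ gchar *t = command;
+ command = g_strdup_printf (LIBEXEC_DIR "/lightdm-guest-session-wrapper %s", command);
+ g_debug("Guest session, running session command through wrapper: %s", command);
+ g_free (t);
+ }
+
 g_signal_emit (display, signals[CREATE_SESSION], 0, &session);
 g_return_val_if_fail (session != NULL, NULL);
 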
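Review bot: The wrapper is prepended only when `display->priv->autologin_guest` is set, so a guest session that reaches this code by any other route would run outside the MAC profile; whether such a route exists cannot be told from this hunk, because the enclosing function starts and ends outside it. The prefix is also joined into a single string with `g_strdup_printf`, so it depends on how `command` is tokenised later and on `LIBEXEC_DIR` containing no whitespace. A comment such as `/* confinement is fail-open: if the wrapper's profile is not loaded the session still starts, unconfined */` would record that assumption. As a style point, `g_debug(` should read `g_debug (` to match the surrounding calls.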
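--- a/src/lightdm-guest-session-wrapper.c
+++ b/src/lightdm-guest-session-wrapper.c
@@ -0,0 +1,25 @@
+/* -*- Mode: C; indent-tabs-mode: nil; tab-width: 4 -*-
+ *
+ * Copyright (C) 2011 Canonical Ltd.
+ * Author: Martin Pitt <martin.pitt@ubuntu.com>
+ *
+ * This program is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later
+ * version. See http://www.gnu.org/copyleft/gpl.html the full text of the
+ * license.
+ */
+
+/* This is a simple wrapper which just re-execve()'s the program given as its
+ * arguments. This allows MAC systems like AppArmor or SELinux to apply a
+ * policy on this wrapper which applies to guest sessions only. */
+
+#include <unistd.h>
+
+int
+main (int argc, char *argv[], char *envp[])
+{
+ if (argc < 2)
+ return 1;
+ execve (argv[1], argv+1, envp);
+}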
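Review bot: When `execve` fails, `main` falls off its end without a return value (exit status 0 under C99), so a session command that could not be started is reported as success and nothing is logged. `execve` does no PATH lookup, so this is the likely outcome whenever `argv[1]` is not an absolute path. Add `perror (argv[1]);` and `return 1;` after the call, with `#include <stdio.h>`, and consider `execvp` if the caller can pass relative command names.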
