Merge lp:~pitti/lightdm/guest-session-lockdown into lp:lightdm

Proposed by Martin Pitt
Status: Merged
Merged at revision: 1242
Proposed branch: lp:~pitti/lightdm/guest-session-lockdown
Merge into: lp:lightdm
Diff against target: 168 lines (+108/-0)
6 files modified
NEWS (+4/-0)
data/Makefile.am (+9/-0)
data/guest-session.apparmor (+52/-0)
src/Makefile.am (+9/-0)
src/display.c (+9/-0)
src/lightdm-guest-session-wrapper.c (+25/-0)
To merge this branch: bzr merge lp:~pitti/lightdm/guest-session-lockdown
Reviewer Review Type Date Requested Status
LightDM Development Team Pending
Review via email: mp+77721@code.launchpad.net

Description of the change

When launching a guest session, run it through a wrapper which we can attach an
AppArmor profile to.


Preview Diff

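--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,10 @@
  * Start authentication when scrolling through GTK greeter entries
  * Link liblightdm-qt against QtGui
  * Fix liblightdm-qt crashing when face images are installed
+ * Introduce a lightdm-guest-session-wrapper session command which MAC
+ systems like AppArmor and SELinux can use for attaching a restrictive
+ policy to guest sessions.
+ * Provide an AppArmor profile for guest session lockdown.
 
 Overview of changes in lightdm 1.0.0
 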
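--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -6,6 +6,15 @@
 dbusconfdir = $(sysconfdir)/dbus-1/system.d
 dist_dbusconf_DATA = org.freedesktop.DisplayManager.conf
 
+EXTRA_DIST = guest-session.apparmor
+
+apparmor_profiledir = $(sysconfdir)/apparmor.d
+
+install-data-hook:
+ install -d $(DESTDIR)$(apparmor_profiledir)
+ sed 's!LIBEXECDIR!$(libexecdir)!g' < $(srcdir)/guest-session.apparmor \
+ > $(DESTDIR)$(apparmor_profiledir)/lightdm-guest-session
+
 dist_man1_MANS = lightdm.1
 
 DISTCLEANFILES = \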
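Review bot: The `install-data-hook` has no matching `uninstall-hook`, so `make uninstall` leaves `lightdm-guest-session` behind in `$(apparmor_profiledir)`, and because the file is created by shell redirection its mode follows the installer's umask rather than `$(INSTALL_DATA)`. Generating the substituted profile in the build directory and installing it with `$(INSTALL_DATA)` would pin the mode, and an `uninstall-hook:` running `rm -f $(DESTDIR)$(apparmor_profiledir)/lightdm-guest-session` would cover removal. Nothing in this section loads the profile, so until packaging or a profile reload does, the wrapper presumably runs unconfined; a comment above the hook saying who is expected to load it would help.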
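--- a/data/guest-session.apparmor
+++ b/data/guest-session.apparmor
@@ -0,0 +1,52 @@
+# vim:syntax=apparmor
+# Profile for restricting lightdm guest session
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+
+#include <tunables/global>
+
+LIBEXECDIR/lightdm-guest-session-wrapper {
+ #include <abstractions/authentication>
+ #include <abstractions/nameservice>
+ #include <abstractions/wutmp>
+ /etc/compizconfig/config rw, # bug in compiz https://launchpad.net/bugs/697678
+
+ / r,
+ /bin/ rmix,
+ /bin/** rmix,
+ /cdrom/ rmix,
+ /cdrom/** rmix,
+ /dev/ r,
+ /dev/** rmw, # audio devices etc.
+ owner /dev/shm/** rmw,
+ /etc/ r,
+ /etc/** rmk,
+ /etc/gdm/Xsession ix,
+ /lib/ r,
+ /lib/** rmixk,
+ /lib32/ r,
+ /lib32/** rmixk,
+ /media/ r,
+ /media/** rmwlixk, # we want access to USB sticks and the like
+ /opt/ r,
+ /opt/** rmixk,
+ @{PROC}/ r,
+ @{PROC}/* rm,
+ @{PROC}/asound rm,
+ @{PROC}/asound/** rm,
+ owner @{PROC}/** rm,
+ /sbin/ r,
+ /sbin/** rmixk,
+ /sys/ r,
+ /sys/** rm,
+ /tmp/ rw,
+ owner /tmp/** rwlkmix,
+ /usr/ r,
+ /usr/** rmixk,
+ /var/ r,
+ /var/** rmixk,
+ /var/guest-data/** rw, # allow to store files permanently
+ /var/tmp/ rw,
+ owner /var/tmp/** rwlkm,
+ /{,var/}run/ r,
+ /{,var/}run/** rmwkix, # necessary for writing to sockets, etc.
+}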
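Review bot: Several rules grant access to whole trees and leave the real decision to file permissions: `/dev/** rmw`, `/etc/** rmk`, `/var/** rmixk` and `/var/guest-data/** rw` carry no `owner` qualifier, so for any file under them that the guest UID can already open the profile adds nothing beyond DAC. Where the intent is the guest's own files, `owner /var/guest-data/** rw,` would match the existing `/tmp` and `/var/tmp` rules, and `/dev/**` could presumably be narrowed to the device classes the "audio devices etc." comment has in mind. The profile would also benefit from a header comment stating that `/home` is deliberately not listed, since that omission is what keeps other users' data out of reach and it is easy to undo by accident when someone later adds a rule.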
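--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -79,6 +79,7 @@
 lightdm_CFLAGS = \
  $(LIGHTDM_CFLAGS) \
  $(WARN_CFLAGS) \
+ -DLIBEXEC_DIR=\"$(libexecdir)\" \
  -DPKGLIBEXEC_DIR=\"$(pkglibexecdir)\" \
  -DSBIN_DIR=\"$(sbindir)\" \
  -DCONFIG_DIR=\"$(sysconfdir)/lightdm\" \
@@ -92,6 +93,14 @@
  $(LIGHTDM_LIBS) \
  -lpam
 
+libexec_PROGRAMS = lightdm-guest-session-wrapper
+
+lightdm_guest_session_wrapper_SOURCES = lightdm-guest-session-wrapper.c
+
+lightdm_guest_session_wrapper_CFLAGS = \
+ $(LIGHTDM_CFLAGS) \
+ $(WARN_CFLAGS)
+
 EXTRA_DIST = ldm-marshal.list \
  display-manager.xml
 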
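--- a/src/display.c
+++ b/src/display.c
@@ -433,6 +433,15 @@
  }
  }
 
+ /* for a guest session, run command through the wrapper covered by MAC */
+ if (display->priv->autologin_guest)
+ {
+ gchar *t = command;
+ command = g_strdup_printf (LIBEXEC_DIR "/lightdm-guest-session-wrapper %s", command);
+ g_debug("Guest session, running session command through wrapper: %s", command);
+ g_free (t);
+ }
+
  g_signal_emit (display, signals[CREATE_SESSION], 0, &session);
  g_return_val_if_fail (session != NULL, NULL);
 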
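Review bot: The wrapper is prepended only when `display->priv->autologin_guest` is set, and nothing visible in this hunk shows that flag covering every way a guest session can be started; the enclosing function begins and ends outside the hunk. If any other path reaches the `CREATE_SESSION` emission for a guest account, that session would run without the MAC profile, so this is worth confirming and recording in the comment above the condition. The wrapper path and the session command are also joined with a bare space in `g_strdup_printf`, so the result depends on later word-splitting and would break if `LIBEXEC_DIR` ever contained whitespace.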
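--- a/src/lightdm-guest-session-wrapper.c
+++ b/src/lightdm-guest-session-wrapper.c
@@ -0,0 +1,25 @@
+/* -*- Mode: C; indent-tabs-mode: nil; tab-width: 4 -*-
+ *
+ * Copyright (C) 2011 Canonical Ltd.
+ * Author: Martin Pitt <martin.pitt@ubuntu.com>
+ *
+ * This program is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later
+ * version. See http://www.gnu.org/copyleft/gpl.html the full text of the
+ * license.
+ */
+
+/* This is a simple wrapper which just re-execve()'s the program given as its
+ * arguments. This allows MAC systems like AppArmor or SELinux to apply a
+ * policy on this wrapper which applies to guest sessions only. */
+
+#include <unistd.h>
+
+int
+main (int argc, char *argv[], char *envp[])
+{
+ if (argc < 2)
+ return 1;
+ execve (argv[1], argv+1, envp);
+}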
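Review bot: If `execve` fails, `main` falls off the end, which in C99 and later returns 0, so the caller sees a successful exit for a session that never started. The failure should be reported and turned into a non-zero status right after the call, e.g. `perror (argv[1]); return 127;` (with `<stdio.h>` included). `execve` also performs no PATH lookup, so `argv[1]` has to be a path; src/display.c appends the session command verbatim, and if that command can begin with a bare program name the exec would fail silently here, which `execvp` would avoid. The `argc < 2` branch would likewise benefit from a message on stderr so a misconfigured session command is visible in the logs.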
