Light Display Manager

Merge lp:~seb128/lightdm/upload-bugfix-utopic into lp:lightdm

  1. upload-bugfix-utopic
  2. Merge into trunk
Proposed by Sebastien Bacher
Status: Merged
Approved by: Robert Ancell
Approved revision: 2071
Merged at revision: 2071
Proposed branch: lp:~seb128/lightdm/upload-bugfix-utopic
Merge into: lp:lightdm
Diff against target: 163 lines (+97/-8)
5 files modified
debian/changelog (+20/-0)
debian/patches/06_apparmor-unix.patch (+14/-8)
debian/patches/07_apparmor-chrome.patch (+24/-0)
debian/patches/08_apparmor-updates.patch (+37/-0)
debian/patches/series (+2/-0)
To merge this branch: bzr merge lp:~seb128/lightdm/upload-bugfix-utopic
Reviewer Review Type Date Requested Status
Robert Ancell Approve
PS Jenkins bot continuous-integration Needs Fixing
Review via email: mp+236472@code.launchpad.net

Commit message

Restore 1.11.9-0ubuntu2, it was reverted by error in the previous upload

Description of the change

Restore 1.11.9-0ubuntu2, it was reverted by error in the previous upload

To post a comment you must log in.
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:2071
http://jenkins.qa.ubuntu.com/job/lightdm-ci/306/
Executed test runs:
    FAILURE: http://jenkins.qa.ubuntu.com/job/lightdm-utopic-amd64-ci/20/console
    SUCCESS: http://jenkins.qa.ubuntu.com/job/lightdm-utopic-armhf-ci/19

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/lightdm-ci/306/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Robert Ancell (robert-ancell) :
review: Approve
Revision history for this message
Robert Ancell (robert-ancell) wrote :

Also applied to lp:lightdm/1.12 which is the utopic branch

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2014-09-30 02:55:14 +0000
3+++ debian/changelog 2014-09-30 09:32:18 +0000
4@@ -1,3 +1,9 @@
5+lightdm (1.12.0-0ubuntu2) utopic; urgency=medium
6+
7+ * Restore 1.11.9-0ubuntu2, it was reverted by error in the previous upload
8+
9+ -- Sebastien Bacher <seb128@ubuntu.com> Tue, 30 Sep 2014 11:25:09 +0200
10+
11 lightdm (1.12.0-0ubuntu1) utopic; urgency=medium
12
13 * New upstream release:
14@@ -11,6 +17,20 @@
15
16 -- Robert Ancell <robert.ancell@canonical.com> Tue, 30 Sep 2014 15:11:51 +1300
17
18+lightdm (1.11.9-0ubuntu2) utopic; urgency=medium
19+
20+ * debian/patches/06_apparmor-unix.patch: update for addr= rules
21+ * debian/patches/07_apparmor-chrome.patch:
22+ - allow new path to Google Chrome (LP: #1361372)
23+ - allow read of @{PROC}/[0-9]*/statm
24+ * debian/patches/08_apparmor-updates.patch:
25+ - allow 'rw' on /etc/compizconfig/unity.ini (continue workaround for
26+ LP: 697678)
27+ - allow read of @{PROC}/sys/vm/overcommit_memory
28+ - allow write to /run/uuidd/request
29+
30+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 18 Sep 2014 12:18:12 -0500
31+
32 lightdm (1.11.9-0ubuntu1) utopic; urgency=medium
33
34 * New upstream release:
35
36=== modified file 'debian/patches/06_apparmor-unix.patch'
37--- debian/patches/06_apparmor-unix.patch 2014-09-10 03:33:49 +0000
38+++ debian/patches/06_apparmor-unix.patch 2014-09-30 09:32:18 +0000
39@@ -2,11 +2,11 @@
40 Description: updates for unix socket mediation
41 Forwarded: no
42
43-Index: lightdm-1.11.8/data/apparmor/abstractions/lightdm
44+Index: lightdm-1.11.9/data/apparmor/abstractions/lightdm
45 ===================================================================
46---- lightdm-1.11.8.orig/data/apparmor/abstractions/lightdm
47-+++ lightdm-1.11.8/data/apparmor/abstractions/lightdm
48-@@ -79,6 +79,14 @@
49+--- lightdm-1.11.9.orig/data/apparmor/abstractions/lightdm
50++++ lightdm-1.11.9/data/apparmor/abstractions/lightdm
51+@@ -79,6 +79,20 @@
52 # needed when logging out of the guest session
53 signal (receive) peer=unconfined,
54
55@@ -14,17 +14,23 @@
56 + unix (receive) peer=(label=unconfined),
57 + unix (create),
58 + unix (getattr, getopt, setopt, shutdown),
59++ unix (bind, listen) type=stream addr="@/com/ubuntu/upstart-session/**",
60++ unix (bind, listen) type=stream addr="@/tmp/dbus-*",
61++ unix (bind, listen) type=stream addr="@/tmp/.ICE-unix/[0-9]*",
62++ unix (bind, listen) type=stream addr="@/dbus-vfs-daemon/*",
63++ unix (bind, listen) type=stream addr="@guest*",
64 + unix (connect, receive, send) type=stream peer=(addr="@/tmp/dbus-*"),
65 + unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
66-+ unix (bind) type=stream addr="@/com/ubuntu/upstart-session/*",
67++ unix (connect, receive, send) type=stream peer=(addr="@/dbus-vfs-daemon/*"),
68++ unix (connect, receive, send) type=stream peer=(addr="@guest*"),
69 +
70 # silence warnings for stuff that we really don't want to grant
71 deny capability dac_override,
72 deny capability dac_read_search,
73-Index: lightdm-1.11.8/data/apparmor/abstractions/lightdm_chromium-browser
74+Index: lightdm-1.11.9/data/apparmor/abstractions/lightdm_chromium-browser
75 ===================================================================
76---- lightdm-1.11.8.orig/data/apparmor/abstractions/lightdm_chromium-browser
77-+++ lightdm-1.11.8/data/apparmor/abstractions/lightdm_chromium-browser
78+--- lightdm-1.11.9.orig/data/apparmor/abstractions/lightdm_chromium-browser
79++++ lightdm-1.11.9/data/apparmor/abstractions/lightdm_chromium-browser
80 @@ -22,6 +22,9 @@
81 # Allow receiving and sending signals to processes in the chromium child profile
82 signal (receive, send) peer=/usr/lib/lightdm/lightdm-guest-session//chromium,
83
84=== added file 'debian/patches/07_apparmor-chrome.patch'
85--- debian/patches/07_apparmor-chrome.patch 1970-01-01 00:00:00 +0000
86+++ debian/patches/07_apparmor-chrome.patch 2014-09-30 09:32:18 +0000
87@@ -0,0 +1,24 @@
88+Author: Jamie Strandboge <jamie@canonical.com>
89+Description: allow Google Chrome and add access to @{PROC}/[0-9]*/statm
90+Bug-Ubuntu: https://launchpad.net/bugs/1361372
91+
92+Index: lightdm-1.11.9/data/apparmor/abstractions/lightdm_chromium-browser
93+===================================================================
94+--- lightdm-1.11.9.orig/data/apparmor/abstractions/lightdm_chromium-browser
95++++ lightdm-1.11.9/data/apparmor/abstractions/lightdm_chromium-browser
96+@@ -15,6 +15,7 @@
97+ /opt/google/chrome-stable/google-chrome-stable Cx -> chromium,
98+ /opt/google/chrome-beta/google-chrome-beta Cx -> chromium,
99+ /opt/google/chrome-unstable/google-chrome-unstable Cx -> chromium,
100++ /opt/google/chrome/google-chrome Cx -> chromium,
101+
102+ # Allow ptracing processes in the chromium child profile
103+ ptrace peer=/usr/lib/lightdm/lightdm-guest-session//chromium,
104+@@ -56,6 +57,7 @@
105+
106+ @{PROC}/[0-9]*/ r, # sandbox wants these
107+ @{PROC}/[0-9]*/fd/ r, # sandbox wants these
108++ @{PROC}/[0-9]*/statm r, # sandbox wants these
109+ @{PROC}/[0-9]*/task/[0-9]*/stat r, # sandbox wants these
110+
111+ /selinux/ r,
112
113=== added file 'debian/patches/08_apparmor-updates.patch'
114--- debian/patches/08_apparmor-updates.patch 1970-01-01 00:00:00 +0000
115+++ debian/patches/08_apparmor-updates.patch 2014-09-30 09:32:18 +0000
116@@ -0,0 +1,37 @@
117+Author: Jamie Strandboge <jamie@canonical.com>
118+Description: allow 'rw' on /etc/compizconfig/unity.ini (continue workaround for
119+ LP: 697678). Allow read of @{PROC}/sys/vm/overcommit_memory. Allow write to
120+ /run/uuidd/request.
121+
122+Index: lightdm-1.11.9/data/apparmor/abstractions/lightdm
123+===================================================================
124+--- lightdm-1.11.9.orig/data/apparmor/abstractions/lightdm
125++++ lightdm-1.11.9/data/apparmor/abstractions/lightdm
126+@@ -14,7 +14,10 @@
127+ #include <abstractions/dbus-accessibility>
128+ #include <abstractions/nameservice>
129+ #include <abstractions/wutmp>
130+- /etc/compizconfig/config rw, # bug in compiz https://launchpad.net/bugs/697678
131++
132++ # bug in compiz https://launchpad.net/bugs/697678
133++ /etc/compizconfig/config rw,
134++ /etc/compizconfig/unity.ini rw,
135+
136+ / r,
137+ /bin/ rmix,
138+@@ -44,6 +47,7 @@
139+ @{PROC}/asound/** rm,
140+ @{PROC}/ati rm,
141+ @{PROC}/ati/** rm,
142++ @{PROC}/sys/vm/overcommit_memory r,
143+ owner @{PROC}/** rm,
144+ # needed for gnome-keyring-daemon
145+ @{PROC}/*/status r,
146+@@ -68,6 +72,7 @@
147+ # necessary for writing to sockets, etc.
148+ /{,var/}run/** rmkix,
149+ /{,var/}run/shm/** wl,
150++ /{,var/}run/uuidd/request w,
151+ # libpam-xdg-support/logind
152+ owner /{,var/}run/user/*/** rw,
153+
154
155=== modified file 'debian/patches/series'
156--- debian/patches/series 2014-09-30 02:55:14 +0000
157+++ debian/patches/series 2014-09-30 09:32:18 +0000
158@@ -1,3 +1,5 @@
159 04_language_handling.patch
160 05_translate_debian_files.patch
161 06_apparmor-unix.patch
162+07_apparmor-chrome.patch
163+08_apparmor-updates.patch

Subscribers

People subscribed via source and target branches