Merge lp:~tyhicks/lightdm/guest-session-policy-updates into lp:lightdm
Status: | Merged | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Merged at revision: | 1948 | ||||||||||||
Proposed branch: | lp:~tyhicks/lightdm/guest-session-policy-updates | ||||||||||||
Merge into: | lp:lightdm | ||||||||||||
Diff against target: |
53 lines (+28/-0) 2 files modified
data/apparmor/abstractions/lightdm (+8/-0) debian/changelog (+20/-0) |
||||||||||||
To merge this branch: | bzr merge lp:~tyhicks/lightdm/guest-session-policy-updates | ||||||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
PS Jenkins bot | continuous-integration | Approve | |
Robert Ancell | Needs Fixing | ||
Review via email: mp+214197@code.launchpad.net |
Commit message
Update the lightdm AppArmor abstraction to allow the guest session to start when AppArmor is mediating signals and ptrace and fix a minor, but noisy, denial when applications attempt to read /proc/<PID>/stat.
Description of the change
Here are two updates for the guest session AppArmor profile.
The first change is to allow signals and ptrace'ing inside the guest session. Note that signal and ptrace mediation is an AppArmor feature that has just landed in Ubuntu Trusty and requires apparmor 2.8.95~
The second change is to quiet/allow some of the denials that I noticed while testing the change above. As soon as the guest session starts, bamfdaemon tries to read a lot of /proc/<PID>/stat files and, therefore, generates a lot of AppArmor denials. I noticed that these same denials were emitted when common utilities such as ps and killall were used inside the guest session.
FAILED: Continuous integration, rev:1949 /code.launchpad .net/~tyhicks/ lightdm/ guest-session- policy- updates/ +merge/ 214197/ +edit-commit- message
No commit message was specified in the merge proposal. Click on the following link and set the commit message (if you want a jenkins rebuild you need to trigger it yourself):
https:/
http:// jenkins. qa.ubuntu. com/job/ lightdm- ci/269/ jenkins. qa.ubuntu. com/job/ lightdm- trusty- amd64-ci/ 63 jenkins. qa.ubuntu. com/job/ lightdm- trusty- armhf-ci/ 63
Executed test runs:
SUCCESS: http://
SUCCESS: http://
Click here to trigger a rebuild: s-jenkins. ubuntu- ci:8080/ job/lightdm- ci/269/ rebuild
http://