]> rtime.felk.cvut.cz Git - sojka/lightdm.git/commitdiff
projects / sojka / lightdm.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0ec5f70)
data/guest-session.apparmor: Disable "deny /etc/** w" until LP#697678 is fixed, to...
authorMartin Pitt <martin.pitt@ubuntu.com>
Wed, 26 Oct 2011 05:27:06 +0000 (07:27 +0200)
committerMartin Pitt <martin.pitt@ubuntu.com>
Wed, 26 Oct 2011 05:27:06 +0000 (07:27 +0200)
data/guest-session.apparmor patch | blob | history

diff --git a/data/guest-session.apparmor b/data/guest-session.apparmor
index a6ecd5f72f2ead4d3eff847ea192e63de9d13bee..e652d34aa8b3e52170fd809158ff4d9a6c07535f 100644 (file)
--- a/data/guest-session.apparmor
+++ b/data/guest-session.apparmor
@@ -12,6 +12,7 @@ LIBEXECDIR/lightdm-guest-session-wrapper {
  
   / r,
   /bin/ rmix,
+  /bin/fusermount Px,
   /bin/** rmix,
   /cdrom/ rmix,
   /cdrom/** rmix,
@@ -63,7 +64,7 @@ LIBEXECDIR/lightdm-guest-session-wrapper {
   # silence warnings for stuff that we really don't want to grant
   deny capability dac_override,
   deny capability dac_read_search,
-  deny /etc/** w,
+  #deny /etc/** w, # re-enable once LP#697678 is fixed
   deny /usr/** w,
   deny /var/crash/ w,
 }