+lightdm (1.12.0-0ubuntu2) utopic; urgency=medium
+
+ * Restore 1.11.9-0ubuntu2, it was reverted by error in the previous upload
+
+ -- Sebastien Bacher <seb128@ubuntu.com> Tue, 30 Sep 2014 11:25:09 +0200
+
lightdm (1.12.0-0ubuntu1) utopic; urgency=medium
* New upstream release:
-- Robert Ancell <robert.ancell@canonical.com> Tue, 30 Sep 2014 15:11:51 +1300
+lightdm (1.11.9-0ubuntu2) utopic; urgency=medium
+
+ * debian/patches/06_apparmor-unix.patch: update for addr= rules
+ * debian/patches/07_apparmor-chrome.patch:
+ - allow new path to Google Chrome (LP: #1361372)
+ - allow read of @{PROC}/[0-9]*/statm
+ * debian/patches/08_apparmor-updates.patch:
+ - allow 'rw' on /etc/compizconfig/unity.ini (continue workaround for
+ LP: 697678)
+ - allow read of @{PROC}/sys/vm/overcommit_memory
+ - allow write to /run/uuidd/request
+
+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 18 Sep 2014 12:18:12 -0500
+
lightdm (1.11.9-0ubuntu1) utopic; urgency=medium
* New upstream release:
Description: updates for unix socket mediation
Forwarded: no
-Index: lightdm-1.11.8/data/apparmor/abstractions/lightdm
+Index: lightdm-1.11.9/data/apparmor/abstractions/lightdm
===================================================================
---- lightdm-1.11.8.orig/data/apparmor/abstractions/lightdm
-+++ lightdm-1.11.8/data/apparmor/abstractions/lightdm
-@@ -79,6 +79,14 @@
+--- lightdm-1.11.9.orig/data/apparmor/abstractions/lightdm
++++ lightdm-1.11.9/data/apparmor/abstractions/lightdm
+@@ -79,6 +79,20 @@
# needed when logging out of the guest session
signal (receive) peer=unconfined,
+ unix (receive) peer=(label=unconfined),
+ unix (create),
+ unix (getattr, getopt, setopt, shutdown),
++ unix (bind, listen) type=stream addr="@/com/ubuntu/upstart-session/**",
++ unix (bind, listen) type=stream addr="@/tmp/dbus-*",
++ unix (bind, listen) type=stream addr="@/tmp/.ICE-unix/[0-9]*",
++ unix (bind, listen) type=stream addr="@/dbus-vfs-daemon/*",
++ unix (bind, listen) type=stream addr="@guest*",
+ unix (connect, receive, send) type=stream peer=(addr="@/tmp/dbus-*"),
+ unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
-+ unix (bind) type=stream addr="@/com/ubuntu/upstart-session/*",
++ unix (connect, receive, send) type=stream peer=(addr="@/dbus-vfs-daemon/*"),
++ unix (connect, receive, send) type=stream peer=(addr="@guest*"),
+
# silence warnings for stuff that we really don't want to grant
deny capability dac_override,
deny capability dac_read_search,
-Index: lightdm-1.11.8/data/apparmor/abstractions/lightdm_chromium-browser
+Index: lightdm-1.11.9/data/apparmor/abstractions/lightdm_chromium-browser
===================================================================
---- lightdm-1.11.8.orig/data/apparmor/abstractions/lightdm_chromium-browser
-+++ lightdm-1.11.8/data/apparmor/abstractions/lightdm_chromium-browser
+--- lightdm-1.11.9.orig/data/apparmor/abstractions/lightdm_chromium-browser
++++ lightdm-1.11.9/data/apparmor/abstractions/lightdm_chromium-browser
@@ -22,6 +22,9 @@
# Allow receiving and sending signals to processes in the chromium child profile
signal (receive, send) peer=/usr/lib/lightdm/lightdm-guest-session//chromium,
--- /dev/null
+Author: Jamie Strandboge <jamie@canonical.com>
+Description: allow Google Chrome and add access to @{PROC}/[0-9]*/statm
+Bug-Ubuntu: https://launchpad.net/bugs/1361372
+
+Index: lightdm-1.11.9/data/apparmor/abstractions/lightdm_chromium-browser
+===================================================================
+--- lightdm-1.11.9.orig/data/apparmor/abstractions/lightdm_chromium-browser
++++ lightdm-1.11.9/data/apparmor/abstractions/lightdm_chromium-browser
+@@ -15,6 +15,7 @@
+ /opt/google/chrome-stable/google-chrome-stable Cx -> chromium,
+ /opt/google/chrome-beta/google-chrome-beta Cx -> chromium,
+ /opt/google/chrome-unstable/google-chrome-unstable Cx -> chromium,
++ /opt/google/chrome/google-chrome Cx -> chromium,
+
+ # Allow ptracing processes in the chromium child profile
+ ptrace peer=/usr/lib/lightdm/lightdm-guest-session//chromium,
+@@ -56,6 +57,7 @@
+
+ @{PROC}/[0-9]*/ r, # sandbox wants these
+ @{PROC}/[0-9]*/fd/ r, # sandbox wants these
++ @{PROC}/[0-9]*/statm r, # sandbox wants these
+ @{PROC}/[0-9]*/task/[0-9]*/stat r, # sandbox wants these
+
+ /selinux/ r,
--- /dev/null
+Author: Jamie Strandboge <jamie@canonical.com>
+Description: allow 'rw' on /etc/compizconfig/unity.ini (continue workaround for
+ LP: 697678). Allow read of @{PROC}/sys/vm/overcommit_memory. Allow write to
+ /run/uuidd/request.
+
+Index: lightdm-1.11.9/data/apparmor/abstractions/lightdm
+===================================================================
+--- lightdm-1.11.9.orig/data/apparmor/abstractions/lightdm
++++ lightdm-1.11.9/data/apparmor/abstractions/lightdm
+@@ -14,7 +14,10 @@
+ #include <abstractions/dbus-accessibility>
+ #include <abstractions/nameservice>
+ #include <abstractions/wutmp>
+- /etc/compizconfig/config rw, # bug in compiz https://launchpad.net/bugs/697678
++
++ # bug in compiz https://launchpad.net/bugs/697678
++ /etc/compizconfig/config rw,
++ /etc/compizconfig/unity.ini rw,
+
+ / r,
+ /bin/ rmix,
+@@ -44,6 +47,7 @@
+ @{PROC}/asound/** rm,
+ @{PROC}/ati rm,
+ @{PROC}/ati/** rm,
++ @{PROC}/sys/vm/overcommit_memory r,
+ owner @{PROC}/** rm,
+ # needed for gnome-keyring-daemon
+ @{PROC}/*/status r,
+@@ -68,6 +72,7 @@
+ # necessary for writing to sockets, etc.
+ /{,var/}run/** rmkix,
+ /{,var/}run/shm/** wl,
++ /{,var/}run/uuidd/request w,
+ # libpam-xdg-support/logind
+ owner /{,var/}run/user/*/** rw,
+
04_language_handling.patch
05_translate_debian_files.patch
06_apparmor-unix.patch
+07_apparmor-chrome.patch
+08_apparmor-updates.patch
projects / sojka / lightdm.git / commitdiff