allow owner 'rw' access to /{,var/}run/user/guest-*/dconf/user.

author Jamie Strandboge <jamie@canonical.com>

Mon, 11 Feb 2013 21:28:14 +0000 (10:28 +1300)

committer Robert Ancell <robert.ancell@canonical.com>

Mon, 11 Feb 2013 21:28:14 +0000 (10:28 +1300)
author Jamie Strandboge <jamie@canonical.com>
Mon, 11 Feb 2013 21:28:14 +0000 (10:28 +1300)
committer Robert Ancell <robert.ancell@canonical.com>
Mon, 11 Feb 2013 21:28:14 +0000 (10:28 +1300)
diff --git a/data/guest-session.apparmor b/data/guest-session.apparmor

index 60b622f324ba252699bbcd9d2aec84cb08ba78f1..bb25a8c138846de78710c7a0a3e3be2bea2f81a9 100644 (file)
--- a/data/guest-session.apparmor
+++ b/data/guest-session.apparmor
@@ -58,6 +58,11 @@ PKGLIBEXECDIR/lightdm-guest-session-wrapper {
    # necessary for writing to sockets, etc.
    /{,var/}run/** rmkix,
    /{,var/}run/shm/** wl,
+  # libpam-xdg-support
+  owner /{,var/}run/user/guest-*/dconf/ rw,
+  owner /{,var/}run/user/guest-*/dconf/user rw,
+  owner /{,var/}run/user/guest-*/keyring-*/ rw,
+  owner /{,var/}run/user/guest-*/keyring-*/{control,gpg,pkcs11,ssh} rw,
  
    capability ipc_lock,
author	Jamie Strandboge <jamie@canonical.com>
	Mon, 11 Feb 2013 21:28:14 +0000 (10:28 +1300)
committer	Robert Ancell <robert.ancell@canonical.com>
	Mon, 11 Feb 2013 21:28:14 +0000 (10:28 +1300)