Limit /media access to guest owned devices

author Martin Pitt <martin.pitt@ubuntu.com>

Tue, 1 Nov 2011 18:59:19 +0000 (14:59 -0400)

committer Martin Pitt <martin.pitt@ubuntu.com>

Tue, 1 Nov 2011 18:59:19 +0000 (14:59 -0400)
author Martin Pitt <martin.pitt@ubuntu.com>
Tue, 1 Nov 2011 18:59:19 +0000 (14:59 -0400)
committer Martin Pitt <martin.pitt@ubuntu.com>
Tue, 1 Nov 2011 18:59:19 +0000 (14:59 -0400)
diff --git a/data/guest-session.apparmor b/data/guest-session.apparmor

index e652d34aa8b3e52170fd809158ff4d9a6c07535f..cf90d5f1bf740eda871a4b7452203c75c83dbcc4 100644 (file)
--- a/data/guest-session.apparmor
+++ b/data/guest-session.apparmor
@@ -28,8 +28,8 @@ LIBEXECDIR/lightdm-guest-session-wrapper {
    /lib32/** rmixk,
    /lib64/ r,
    /lib64/** rmixk,
-  /media/ r,
-  /media/** rmwlixk,  # we want access to USB sticks and the like
+  owner /media/ r,
+  owner /media/** rmwlixk,  # we want access to USB sticks and the like
    /opt/ r,
    /opt/** rmixk,
    @{PROC}/ r,
author	Martin Pitt <martin.pitt@ubuntu.com>
	Tue, 1 Nov 2011 18:59:19 +0000 (14:59 -0400)
committer	Martin Pitt <martin.pitt@ubuntu.com>
	Tue, 1 Nov 2011 18:59:19 +0000 (14:59 -0400)