]> rtime.felk.cvut.cz Git - sojka/debian/lightdm.git/blobdiff - debian/patches/02_fix-apparmor-profile.patch
projects / sojka / debian / lightdm.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
* debian/patches:
[sojka/debian/lightdm.git] / debian / patches / 02_fix-apparmor-profile.patch
diff --git a/debian/patches/02_fix-apparmor-profile.patch b/debian/patches/02_fix-apparmor-profile.patch
index b693661b487b8388ca5a21837215b358d31b4f57..83448712ea0f769f9f7435e679051bd45df7795e 100644 (file)
--- a/debian/patches/02_fix-apparmor-profile.patch
+++ b/debian/patches/02_fix-apparmor-profile.patch
@@ -8,3 +8,19 @@
    #include <abstractions/nameservice>
    #include <abstractions/wutmp>
    /etc/compizconfig/config rw, # bug in compiz https://launchpad.net/bugs/697678
+@@ -74,10 +73,11 @@
+   capability ipc_lock,
+   # allow processes in the guest session to signal and ptrace each other
+-  signal peer=@{profile_name},
+-  ptrace peer=@{profile_name},
+-  # needed when logging out of the guest session
+-  signal (receive) peer=unconfined,
++  # this doesn't work with the current Debian apparmor
++  #signal peer=@{profile_name},
++  #ptrace peer=@{profile_name},
++  ## needed when logging out of the guest session
++  #signal (receive) peer=unconfined,
+   # silence warnings for stuff that we really don't want to grant
+   deny capability dac_override,