2 # Profile for restricting lightdm guest session
4 #include <tunables/global>
6 @libexecdir@/lightdm-guest-session {
7 # Most applications are confined via the main abstraction
8 #include <abstractions/lightdm>
10 # chromium-browser needs special confinement due to its sandboxing
11 #include <abstractions/lightdm_chromium-browser>
13 # fcitx and friends needs special treatment due to C/S design
15 /tmp/fcitx-socket-* rwl,
17 /usr/bin/fcitx-qimpanel ix,
18 /usr/bin/sogou-qimpanel-watchdog ix,
19 /usr/bin/sogou-sys-notify ix,
20 /tmp/sogou-qimpanel:* rwl,
22 # mozc_server needs special treatment due to C/S design
23 unix (bind, listen) type=stream addr="@tmp/.mozc.*",