owner @{PROC}/** rm,
# needed for gnome-keyring-daemon
@{PROC}/*/status r,
+ # needed for bamfdaemon and utilities such as ps and killall
+ @{PROC}/*/stat r,
/sbin/ r,
/sbin/** rmixk,
/sys/ r,
capability ipc_lock,
+ # allow processes in the guest session to signal and ptrace each other
+ signal peer=@{profile_name},
+ ptrace peer=@{profile_name},
+ # needed when logging out of the guest session
+ signal (receive) peer=unconfined,
+
# silence warnings for stuff that we really don't want to grant
deny capability dac_override,
deny capability dac_read_search,
+lightdm (1.9.14-0ubuntu2) trusty; urgency=medium
+
+ * debian/patches/06_guest_signal_and_ptrace_aa_rules.patch: Grant
+ permission for guest session processes to signal and ptrace each
+ other (LP: #1298611)
+ * debian/patches/07_guest_proc_pid_stat_aa_rule.patch: Grant permission for
+ guest session processes to read /proc/<PID>/stat. This prevents AppArmor
+ denial messages caused by bamfdaemon and common utilities such as ps and
+ killall. (LP: #1301625)
+
+ -- Tyler Hicks <tyhicks@canonical.com> Thu, 03 Apr 2014 02:48:51 -0500
+
lightdm (1.9.14-0ubuntu1) trusty; urgency=medium
* New upstream release: