changes that landed in 13.10
- Allow full access to the system, session, and accessibility buses
- Allow trusted helpers, such as dbus-daemon, that are confined by a
lightdm session profile, to query AppArmor policy using the .access
file in apparmorfs
- Include the cups-client abstraction to grant access to the cups
socket file
# etc). Note that this profile intentionally omits chromium-browser.
#include <abstractions/authentication>
+ #include <abstractions/cups-client>
+ #include <abstractions/dbus>
+ #include <abstractions/dbus-session>
+ #include <abstractions/dbus-accessibility>
#include <abstractions/nameservice>
#include <abstractions/wutmp>
/etc/compizconfig/config rw, # bug in compiz https://launchpad.net/bugs/697678
/sbin/** rmixk,
/sys/ r,
/sys/** rm,
+ # needed for confined trusted helpers, such as dbus-daemon
+ /sys/kernel/security/apparmor/.access rw,
/tmp/ rw,
owner /tmp/** rwlkmix,
/usr/ r,