rtime.felk.cvut.cz Git - sojka/lightdm.git/commitdiff
Allow guest session to write /run/user/<username>/
author Martin Pitt <martin.pitt@ubuntu.com>
Mon, 25 Feb 2013 13:29:25 +0000 (14:29 +0100)
committer Martin Pitt <martin.pitt@ubuntu.com>
Mon, 25 Feb 2013 13:29:25 +0000 (14:29 +0100)
Don't just permit creating and accessing selected directories, but allow
creating new directories as well. This avoids bugs with other software which
uses XDG_RUNTIME_DIR (such as pulseaudio). As this is by definition an
ephemeral and a private directory, there is no data leak from other users.

data/guest-session.apparmor_abstraction

index 4afe945167e1f49662544c536947fac1620a095c..f73edd2d951f2ecb78eb1b131949800b00b4c9fc 100644 (file)
   /{,var/}run/** rmkix,
   /{,var/}run/shm/** wl,
   # libpam-xdg-support
-  owner /{,var/}run/user/guest-*/dconf/ rw,
-  owner /{,var/}run/user/guest-*/dconf/user rw,
-  owner /{,var/}run/user/guest-*/keyring-*/ rw,
-  owner /{,var/}run/user/guest-*/keyring-*/{control,gpg,pkcs11,ssh} rw,
+  owner /{,var/}run/user/guest-*/** rw,
 
   capability ipc_lock,
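
Review bot: the added `owner /{,var/}run/user/guest-*/** rw,` line stacks on the unchanged `/{,var/}run/** rmkix,` rule at the top of this hunk, so every guest-owned file under the runtime directory becomes writable as well as mappable-executable and executable (`m`, `ix`), where the removed rules only gave `rw` on the dconf and keyring paths. If write-plus-exec in this subtree is not intended, narrow it, for example with a deny rule for `m` and `x` on the same glob, or say in the commit message that it is accepted. The `# libpam-xdg-support` comment also no longer describes what the rule covers; it would read better as a note that the whole XDG_RUNTIME_DIR of the guest user is writable.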