From c5280226f52b7fc02fab2e0308bd49fb274c3c01 Mon Sep 17 00:00:00 2001
From: Tyler Hicks <tyhicks@canonical.com>
Date: Mon, 28 Oct 2013 20:55:31 -0700
Subject: [PATCH] * Update the AppArmor lightdm abstraction to account for
 AppArmor   changes that landed in 13.10   - Allow full access to the system,
 session, and accessibility buses   - Allow trusted helpers, such as
 dbus-daemon, that are confined by a     lightdm session profile, to query
 AppArmor policy using the .access     file in apparmorfs   - Include the
 cups-client abstraction to grant access to the cups     socket file

---
 data/apparmor/abstractions/lightdm | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/data/apparmor/abstractions/lightdm b/data/apparmor/abstractions/lightdm
index bd60f90f..d94edc3e 100644
--- a/data/apparmor/abstractions/lightdm
+++ b/data/apparmor/abstractions/lightdm
@@ -8,6 +8,10 @@
 # etc). Note that this profile intentionally omits chromium-browser.
 
   #include <abstractions/authentication>
+  #include <abstractions/cups-client>
+  #include <abstractions/dbus>
+  #include <abstractions/dbus-session>
+  #include <abstractions/dbus-accessibility>
   #include <abstractions/nameservice>
   #include <abstractions/wutmp>
   /etc/compizconfig/config rw, # bug in compiz https://launchpad.net/bugs/697678
@@ -47,6 +51,8 @@
   /sbin/** rmixk,
   /sys/ r,
   /sys/** rm,
+  # needed for confined trusted helpers, such as dbus-daemon
+  /sys/kernel/security/apparmor/.access rw,
   /tmp/ rw,
   owner /tmp/** rwlkmix,
   /usr/ r,
-- 
2.39.2