Thinking over this has made me rethink how guest sessions are implemented in LightDM. The AppArmor code has always been an awkward fit in the daemon (which can't possibly know what resources a session will require). I propose for LightDM 1.6 that the guest sessions are externally defined with their own AppArmor profiles like the proposal for remote sessions is done (bug 1050739).
The downside of all this is each session requires its own AppArmor profile which will probably all be quite similar. I don't know if AppArmour has any support for simplifying this. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/1049849 Title: "Remote Login" account not confined by guest AppArmor profile Status in “lightdm” package in Ubuntu: Confirmed Status in “lightdm-remote-session-freerdp” package in Ubuntu: New Status in “lightdm-remote-session-uccsconfigure” package in Ubuntu: New Bug description: The "Guest" session in lightdm is launched confined by a very restrictive AppArmor profile for security reasons. The new "Remote Login" session that has been added to Quantal is supposed to be using the same type of guest account restrictions, but isn't restricted by the guest AppArmor profile. This has a security impact on the default desktop. ProblemType: Bug DistroRelease: Ubuntu 12.10 Package: lightdm 1.3.3-0ubuntu4 ProcVersionSignature: Ubuntu 3.5.0-14.16-generic 3.5.3 Uname: Linux 3.5.0-14-generic x86_64 NonfreeKernelModules: nvidia ApportVersion: 2.5.1-0ubuntu7 Architecture: amd64 Date: Wed Sep 12 10:09:10 2012 InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Alpha amd64 (20120724.2) ProcEnviron: LANGUAGE=en_CA:en TERM=xterm PATH=(custom, no user) LANG=en_CA.UTF-8 SHELL=/bin/bash SourcePackage: lightdm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1049849/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
