I'm making this bug public now that we have security updates published
which disable the guest session. My hope is that we can re-enable it
after the changes suggested by pitti can be investigated/implemented.

** No longer affects: apparmor (Ubuntu Artful)

** No longer affects: apparmor (Ubuntu Zesty)

** No longer affects: apparmor (Ubuntu Yakkety)

** Changed in: apparmor (Ubuntu)
       Status: New => Invalid

** Description changed:

  Processes launched under a lightdm guest session are not confined by the
- /usr/lib/lightdm/lightdm-guest-session AppArmor profile in Ubuntu 16.10
- and Ubuntu Zesty. The processes are actually unconfined.
+ /usr/lib/lightdm/lightdm-guest-session AppArmor profile in Ubuntu 16.10,
+ Ubuntu 17.04, and Ubuntu Artful (current dev release). The processes are
+ unconfined.
  
  The simple test case is to log into a guest session, launch a terminal
  with ctrl-alt-t, and run the following command:
  
-  $ cat /proc/self/attr/current
+  $ cat /proc/self/attr/current
  
  Expected output, as seen in Ubuntu 16.04 LTS, is:
  
-  /usr/lib/lightdm/lightdm-guest-session (enforce)
+  /usr/lib/lightdm/lightdm-guest-session (enforce)
  
  Running the command inside of an Ubuntu 16.10 and newer guest session
  results in:
  
-  unconfined
+  unconfined

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1663157

Title:
  Guest session processes are not confined in 16.10 and newer releases

Status in Light Display Manager:
  New
Status in apparmor package in Ubuntu:
  Invalid
Status in lightdm package in Ubuntu:
  Triaged
Status in lightdm source package in Yakkety:
  Fix Released
Status in lightdm source package in Zesty:
  Fix Released
Status in lightdm source package in Artful:
  Triaged

Bug description:
  Processes launched under a lightdm guest session are not confined by
  the /usr/lib/lightdm/lightdm-guest-session AppArmor profile in Ubuntu
  16.10, Ubuntu 17.04, and Ubuntu Artful (current dev release). The
  processes are unconfined.

  The simple test case is to log into a guest session, launch a terminal
  with ctrl-alt-t, and run the following command:

   $ cat /proc/self/attr/current

  Expected output, as seen in Ubuntu 16.04 LTS, is:

   /usr/lib/lightdm/lightdm-guest-session (enforce)

  Running the command inside of an Ubuntu 16.10 and newer guest session
  results in:

   unconfined
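
The test case above, extended from one terminal to every process owned by a given UID. This is an added example, not part of the bug report and not lightdm or AppArmor code. The function names classify_label and audit_proc_root are hypothetical, and counting child profiles (profile//child) as confined is an assumption.

```shell
#!/bin/sh
# Added example, not part of the bug report. Labels follow the format shown
# above: "<profile> (<mode>)" or the bare word "unconfined".
EXPECTED=/usr/lib/lightdm/lightdm-guest-session   # profile named in the report

# classify_label LABEL -> ok | unconfined | not-enforcing | wrong-profile
classify_label() {
    label=$1
    if [ "$label" = unconfined ]; then echo unconfined; return; fi
    profile=${label%" ("*}      # text before the trailing " (mode)"
    mode=${label##*" ("}        # text after the last " ("
    mode=${mode%")"}
    case $profile in
        "$EXPECTED"|"$EXPECTED"//*) ;;   # the profile or a child (profile//child)
        *) echo wrong-profile; return ;;
    esac
    if [ "$mode" = enforce ]; then echo ok; else echo not-enforcing; fi
}

# audit_proc_root UID [PROC_ROOT]: print "pid status label" for every process
# owned by UID that is not under EXPECTED in enforce mode; return 1 if any.
audit_proc_root() {
    uid=$1
    root=${2:-/proc}
    bad=0
    for dir in "$root"/[0-9]*; do
        # Real UID is the first number on the "Uid:" line of /proc/PID/status.
        owner=$(awk '$1 == "Uid:" { print $2; exit }' "$dir/status" 2>/dev/null) || continue
        [ "$owner" = "$uid" ] || continue
        # Reading another user's label needs privilege; skip what cannot be read.
        label=$(cat "$dir/attr/current" 2>/dev/null) || continue
        status=$(classify_label "$label")
        if [ "$status" != ok ]; then
            echo "${dir##*/} $status $label"
            bad=1
        fi
    done
    return "$bad"
}

# Run as: sh THIS_FILE UID   (with no arguments the functions are only defined)
[ "$#" -eq 0 ] || audit_proc_root "$@"
```

Run it as root with the guest account's numeric UID; a non-zero exit status means at least one of that user's processes is outside the expected profile or not in enforce mode.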
