lightdm 1.10.3-3debian/1.10.3-3debian

1 files changed, 44 insertions, 0 deletions

diff --git a/debian/patches/02_fix-apparmor-profile.patch b/debian/patches/02_fix-apparmor-profile.patch
new file mode 100644
index 0000000..8223f8c
--- /dev/null
+++ b/debian/patches/02_fix-apparmor-profile.patch
@@ -0,0 +1,44 @@
+--- a/data/apparmor/abstractions/lightdm
++++ b/data/apparmor/abstractions/lightdm
+@@ -11,7 +11,6 @@
+   #include <abstractions/cups-client>
+   #include <abstractions/dbus>
+   #include <abstractions/dbus-session>
+-  #include <abstractions/dbus-accessibility>
+   #include <abstractions/nameservice>
+   #include <abstractions/wutmp>
+   /etc/compizconfig/config rw, # bug in compiz https://launchpad.net/bugs/697678
+@@ -74,10 +73,11 @@
+   capability ipc_lock,
+ 
+   # allow processes in the guest session to signal and ptrace each other
+-  signal peer=@{profile_name},
+-  ptrace peer=@{profile_name},
+-  # needed when logging out of the guest session
+-  signal (receive) peer=unconfined,
++  # this doesn't work with the current Debian apparmor
++  #signal peer=@{profile_name},
++  #ptrace peer=@{profile_name},
++  ## needed when logging out of the guest session
++  #signal (receive) peer=unconfined,
+ 
+   # silence warnings for stuff that we really don't want to grant
+   deny capability dac_override,
+--- a/data/apparmor/abstractions/lightdm_chromium-browser
++++ b/data/apparmor/abstractions/lightdm_chromium-browser
+@@ -8,6 +8,7 @@
+ # provided in abstractions/lightdm, this abstraction must be separate from
+ # abstractions/lightdm.
+ 
++  /usr/lib/chromium/chromium Cx -> chromium,
+   /usr/lib/chromium-browser/chromium-browser Cx -> chromium,
+   /usr/bin/webapp-container Cx -> chromium,
+   /usr/bin/webbrowser-app Cx -> chromium,
+@@ -53,6 +54,7 @@
+ 
+     /selinux/ r,
+ 
++    /usr/lib/chromium/chrome-sandbox ix,
+     /usr/lib/chromium-browser/chromium-browser-sandbox ix,
+     /usr/lib/@{multiarch}/oxide-qt/chrome-sandbox ix,
+     /opt/google/chrome-*/chrome-sandbox ix,