From 62acbd3bbd9817a70aa5a7dcfc274f083d5dd2bd Mon Sep 17 00:00:00 2001
From: Igor Pashev <pashev.igor@gmail.com>
Date: Tue, 31 Mar 2015 18:56:04 +0300
Subject: lightdm 1.10.3-3

---
 debian/patches/02_fix-apparmor-profile.patch | 44 ++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 debian/patches/02_fix-apparmor-profile.patch

(limited to 'debian/patches/02_fix-apparmor-profile.patch')

diff --git a/debian/patches/02_fix-apparmor-profile.patch b/debian/patches/02_fix-apparmor-profile.patch
new file mode 100644
index 0000000..8223f8c
--- /dev/null
+++ b/debian/patches/02_fix-apparmor-profile.patch
@@ -0,0 +1,44 @@
+--- a/data/apparmor/abstractions/lightdm
++++ b/data/apparmor/abstractions/lightdm
+@@ -11,7 +11,6 @@
+   #include <abstractions/cups-client>
+   #include <abstractions/dbus>
+   #include <abstractions/dbus-session>
+-  #include <abstractions/dbus-accessibility>
+   #include <abstractions/nameservice>
+   #include <abstractions/wutmp>
+   /etc/compizconfig/config rw, # bug in compiz https://launchpad.net/bugs/697678
+@@ -74,10 +73,11 @@
+   capability ipc_lock,
+ 
+   # allow processes in the guest session to signal and ptrace each other
+-  signal peer=@{profile_name},
+-  ptrace peer=@{profile_name},
+-  # needed when logging out of the guest session
+-  signal (receive) peer=unconfined,
++  # this doesn't work with the current Debian apparmor
++  #signal peer=@{profile_name},
++  #ptrace peer=@{profile_name},
++  ## needed when logging out of the guest session
++  #signal (receive) peer=unconfined,
+ 
+   # silence warnings for stuff that we really don't want to grant
+   deny capability dac_override,
+--- a/data/apparmor/abstractions/lightdm_chromium-browser
++++ b/data/apparmor/abstractions/lightdm_chromium-browser
+@@ -8,6 +8,7 @@
+ # provided in abstractions/lightdm, this abstraction must be separate from
+ # abstractions/lightdm.
+ 
++  /usr/lib/chromium/chromium Cx -> chromium,
+   /usr/lib/chromium-browser/chromium-browser Cx -> chromium,
+   /usr/bin/webapp-container Cx -> chromium,
+   /usr/bin/webbrowser-app Cx -> chromium,
+@@ -53,6 +54,7 @@
+ 
+     /selinux/ r,
+ 
++    /usr/lib/chromium/chrome-sandbox ix,
+     /usr/lib/chromium-browser/chromium-browser-sandbox ix,
+     /usr/lib/@{multiarch}/oxide-qt/chrome-sandbox ix,
+     /opt/google/chrome-*/chrome-sandbox ix,
-- 
cgit v1.2.3