touch-packages team mailing list archive

[Steve Beattie <sbeattie@xxxxxxxxxx>]

Attached is a patch for trusty to address this issue as part of an SRU.

** Patch added: "profiles-adjust_X_for_lightdm-lp1339727.patch"
   https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1339727/+attachment/4399558/+files/profiles-adjust_X_for_lightdm-lp1339727.patch

** Description changed:

+ [impact]
+ 
+ This issue prevents X applications from working properly when lightdm is
+ used as a display manager.
+ 
+ [steps to reproduce]
+ 
+ 1) run evince in a desktop session started from lightdm. If this bug has
+ not been addressed, apparmor denials will be seen on the
+ /run/lightdm/$USER/xauthority file in /var/log/syslog.
+ 
+ [regression potential]
+ 
+ The change in the patch for this bug is a slight loosening of
+ the apparmor policy for X applications. The risk of an introduced
+ regression is small.
+ 
+ [original description]
+ 
  The default apparmor 'X' abstraction permits access to
  /{,var/}run/lightdm/authority/[0-9]*, ostensibly for the xauthority
  file.  Except on Trusty, that's not where the xauthority file is.  It is
  instead in /run/lightdm/$USER, and named "xauthority".   I have had to
  udpated my apparmor configuration, lest apparmor convince Evince of
  being a filthy script kiddie, out to corrupt my xauth file.
  
  Please consider adding the following to the 'X' abstraction:
  
  owner /{,var/}run/lightdm/*/xauthority r,
  
  Relevant info:
  
  apparmor:
-   Installed: 2.8.95~2430-0ubuntu5
-   Candidate: 2.8.95~2430-0ubuntu5
-   Version table:
-  *** 2.8.95~2430-0ubuntu5 0
-         500 http://mirrors.mit.edu/ubuntu/ trusty/main amd64 Packages
-         100 /var/lib/dpkg/status
+   Installed: 2.8.95~2430-0ubuntu5
+   Candidate: 2.8.95~2430-0ubuntu5
+   Version table:
+  *** 2.8.95~2430-0ubuntu5 0
+         500 http://mirrors.mit.edu/ubuntu/ trusty/main amd64 Packages
+         100 /var/lib/dpkg/status

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1339727

Title:
  lightdm xauthority path is wrong

Status in apparmor package in Ubuntu:
  Fix Released
Status in apparmor source package in Trusty:
  Triaged
Status in apparmor source package in Utopic:
  Fix Released

Bug description:
  [impact]

  This issue prevents X applications from working properly when lightdm is
  used as a display manager.

  [steps to reproduce]

  1) run evince in a desktop session started from lightdm. If this bug
  has not been addressed, apparmor denials will be seen on the
  /run/lightdm/$USER/xauthority file in /var/log/syslog.

  [regression potential]

  The change in the patch for this bug is a slight loosening of
  the apparmor policy for X applications. The risk of an introduced
  regression is small.

  [original description]

  The default apparmor 'X' abstraction permits access to
  /{,var/}run/lightdm/authority/[0-9]*, ostensibly for the xauthority
  file.  Except on Trusty, that's not where the xauthority file is.  It
  is instead in /run/lightdm/$USER, and named "xauthority".   I have had
  to udpated my apparmor configuration, lest apparmor convince Evince of
  being a filthy script kiddie, out to corrupt my xauth file.

  Please consider adding the following to the 'X' abstraction:

  owner /{,var/}run/lightdm/*/xauthority r,

  Relevant info:

  apparmor:
    Installed: 2.8.95~2430-0ubuntu5
    Candidate: 2.8.95~2430-0ubuntu5
    Version table:
   *** 2.8.95~2430-0ubuntu5 0
          500 http://mirrors.mit.edu/ubuntu/ trusty/main amd64 Packages
          100 /var/lib/dpkg/status

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1339727/+subscriptions