Attached is a patch for trusty to address this issue as part of an SRU.
** Patch added: "profiles-adjust_X_for_lightdm-lp1339727.patch"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1339727/+attachment/4399558/+files/profiles-adjust_X_for_lightdm-lp1339727.patch
** Description changed:
+ [impact]
+
+ This issue prevents X applications from working properly when lightdm is
+ used as a display manager.
+
+ [steps to reproduce]
+
+ 1) run evince in a desktop session started from lightdm. If this bug has
+ not been addressed, apparmor denials will be seen on the
+ /run/lightdm/$USER/xauthority file in /var/log/syslog.
+
+ [regression potential]
+
+ The change in the patch for this bug is a slight loosening of
+ the apparmor policy for X applications. The risk of an introduced
+ regression is small.
+
+ [original description]
+
The default apparmor 'X' abstraction permits access to
/{,var/}run/lightdm/authority/[0-9]*, ostensibly for the xauthority
file. Except on Trusty, that's not where the xauthority file is. It is
instead in /run/lightdm/$USER, and named "xauthority". I have had to
udpated my apparmor configuration, lest apparmor convince Evince of
being a filthy script kiddie, out to corrupt my xauth file.
Please consider adding the following to the 'X' abstraction:
owner /{,var/}run/lightdm/*/xauthority r,
Relevant info:
apparmor:
- Installed: 2.8.95~2430-0ubuntu5
- Candidate: 2.8.95~2430-0ubuntu5
- Version table:
- *** 2.8.95~2430-0ubuntu5 0
- 500 http://mirrors.mit.edu/ubuntu/ trusty/main amd64 Packages
- 100 /var/lib/dpkg/status
+ Installed: 2.8.95~2430-0ubuntu5
+ Candidate: 2.8.95~2430-0ubuntu5
+ Version table:
+ *** 2.8.95~2430-0ubuntu5 0
+ 500 http://mirrors.mit.edu/ubuntu/ trusty/main amd64 Packages
+ 100 /var/lib/dpkg/status
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1339727
Title:
lightdm xauthority path is wrong
Status in apparmor package in Ubuntu:
Fix Released
Status in apparmor source package in Trusty:
Triaged
Status in apparmor source package in Utopic:
Fix Released
Bug description:
[impact]
This issue prevents X applications from working properly when lightdm is
used as a display manager.
[steps to reproduce]
1) run evince in a desktop session started from lightdm. If this bug
has not been addressed, apparmor denials will be seen on the
/run/lightdm/$USER/xauthority file in /var/log/syslog.
[regression potential]
The change in the patch for this bug is a slight loosening of
the apparmor policy for X applications. The risk of an introduced
regression is small.
[original description]
The default apparmor 'X' abstraction permits access to
/{,var/}run/lightdm/authority/[0-9]*, ostensibly for the xauthority
file. Except on Trusty, that's not where the xauthority file is. It
is instead in /run/lightdm/$USER, and named "xauthority". I have had
to udpated my apparmor configuration, lest apparmor convince Evince of
being a filthy script kiddie, out to corrupt my xauth file.
Please consider adding the following to the 'X' abstraction:
owner /{,var/}run/lightdm/*/xauthority r,
Relevant info:
apparmor:
Installed: 2.8.95~2430-0ubuntu5
Candidate: 2.8.95~2430-0ubuntu5
Version table:
*** 2.8.95~2430-0ubuntu5 0
500 http://mirrors.mit.edu/ubuntu/ trusty/main amd64 Packages
100 /var/lib/dpkg/status
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1339727/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
