Jamie, thanks for the owner restriction, that makes sense indeed! I committed that to bzr.
As for "/sys rm" I'm not really concerned. sysfs is mostly public information (the ones that aren't, like serial numbers, are already readable for root only).

I'm not actually sure whether I made /tmp/ executable as a reaction to a bug fix (nothing in bzr history, though) or just because you can already run arbitrary code through shell, python, and other scripts. The main point of the profile is to enforce the inaccessibility of any other user's data, but you should still be able to run programs normally. That's also the reason why I enforce inheritance for all /bin, including for programs that already have their own profile (as the guest session's is usually a lot stricter). Do you see some attack scenarios where it would be better to use the program's profiles?

Thanks,

Martin

--
https://bugs.launchpad.net/bugs/673034
Title: gdm-guest-session AppArmor profile improvements
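
The rule types discussed in this message, as an added illustration that is not part of the original message and not the shipped gdm-guest-session profile. The profile name, the path globs and the `/bin/ping` target are assumptions chosen for the example.

```apparmor
# Hypothetical fragment for illustration only (assumed names and paths).
profile guest-session-example {

  # "owner" restriction: the rule matches only when the confined process's
  # fsuid owns the file, so another user's files under the same path are
  # denied by AppArmor even where the Unix permission bits would allow access.
  # The "m" and "ix" bits keep /tmp executable, as discussed in the message.
  owner /tmp/** rwlkmix,

  # "/sys rm": read plus mmap-with-PROT_EXEC on sysfs. Entries that are
  # root-readable only are still blocked by ordinary file permissions.
  /sys/** rm,

  # Inheritance ("ix"): every program started from /bin keeps running under
  # THIS profile, including programs that ship a profile of their own.
  # The child can never gain access the guest session does not have.
  /bin/** ix,

  # The alternative raised in the question: a profile transition ("Px")
  # switches the child to the program's own profile with a scrubbed
  # environment. That profile is written for the program, not for the
  # guest session, so it may permit paths this profile denies.
  # /bin/ping Px,
}
```

When reviewing such a profile, the point to check is whether any `Px`/`Cx` target profile grants access to other users' data that the session profile withholds; with `ix` everywhere that question does not arise.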