jeremiejig, thanks for your work on this. I think I am going to solve it
in a different way however. It would be nice if AppArmor could merge
profiles, but we can't yet, so we need to do like you initially did:
have two mostly identical profiles. Because the lightdm remote sessions
are shipping policy copies, the maintenance cost is getting high. I will
be abstracting out the guest rules into abstracations/lightdm and then
have a small snippet using a child profile in abstractions
/lightdm_chromium-browser. The guest and remote lightdm profiles can
just include these and all the policy is in the abstractions. Using a
lightdm.d directory is a good idea, but upstream AppArmor is currently
discussing how to best handle .d directories like this, and I'd rather
not add another one until that discussions is finished.
** Changed in: lightdm-remote-session-freerdp (Ubuntu)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/577919
Title:
chromium-browser fails to start (guest account, OpenVZ): "Failed to
move to new PID namespace: Operation not permitted"
To manage notifications about this bug go to:
https://bugs.launchpad.net/chromium-browser/+bug/577919/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
