[X2Go-Commits] lightdm-remote-session-x2go.git - build-main (branch) updated: cf7f4899e673b75de49c0cebf46d58f970217145
X2Go dev team
git-admin at x2go.org
Sat Apr 27 13:49:58 CEST 2013
The branch, build-main has been updated
via cf7f4899e673b75de49c0cebf46d58f970217145 (commit)
from a65c4df307ace9ea82e4dcedcf542854f4e187c1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
Makefile.am | 13 +++++--
lightdm-remote-session-freerdp.in | 71 +++++++++++++++++++++++++++++++++++++
2 files changed, 82 insertions(+), 2 deletions(-)
create mode 100644 lightdm-remote-session-freerdp.in
The diff of changes is:
diff --git a/Makefile.am b/Makefile.am
index bf4b300..1af5934 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -18,6 +18,13 @@ freerdp-session: freerdp-session.in
@sed -e "s|\@pkglibexecdir\@|$(pkglibexecdir)|" $< > $@
@chmod +x $@
+apparmordir = $(sysconfdir)/apparmor.d/
+apparmor_DATA = \
+ lightdm-remote-session-freerdp
+
+lightdm-remote-session-freerdp: lightdm-remote-session-freerdp.in
+ @sed -e "s|\@pkglibexecdir\@|$(pkglibexecdir)|" $< > $@
+
pkglibexec_PROGRAMS = \
socket-sucker
socket_sucker_SOURCES = \
@@ -31,11 +38,13 @@ socket_sucker_LDFLAGS = \
EXTRA_DIST = \
$(pam_session_DATA) \
freerdp.desktop.in \
- freerdp-session.in
+ freerdp-session.in \
+ lightdm-remote-session-freerdp.in
CLEANFILES = \
freerdp.desktop \
- freerdp-session
+ freerdp-session \
+ lightdm-remote-session-freerdp
DISTCHECK_CONFIGURE_FLAGS = --enable-localinstall
diff --git a/lightdm-remote-session-freerdp.in b/lightdm-remote-session-freerdp.in
new file mode 100644
index 0000000..38772f2
--- /dev/null
+++ b/lightdm-remote-session-freerdp.in
@@ -0,0 +1,71 @@
+# vim:syntax=apparmor
+# Profile for restricting lightdm remote session for FreeRDP
+# Based on the Guest Account Apparmor script from:
+# Author: Martin Pitt <martin.pitt at ubuntu.com>
+
+#include <tunables/global>
+
+ at pkglibexecdir@/freerdp-session-wrapper {
+ #include <abstractions/authentication>
+ #include <abstractions/nameservice>
+ #include <abstractions/wutmp>
+ /etc/compizconfig/config rw, # bug in compiz https://launchpad.net/bugs/697678
+
+ / r,
+ /bin/ rmix,
+ /bin/fusermount Px,
+ /bin/** rmix,
+ /cdrom/ rmix,
+ /cdrom/** rmix,
+ /dev/ r,
+ /dev/** rmw, # audio devices etc.
+ owner /dev/shm/** rmw,
+ /etc/ r,
+ /etc/** rmk,
+ /etc/gdm/Xsession ix,
+ /lib/ r,
+ /lib/** rmixk,
+ /lib32/ r,
+ /lib32/** rmixk,
+ /lib64/ r,
+ /lib64/** rmixk,
+ owner /media/ r,
+ owner /media/** rmwlixk, # we want access to USB sticks and the like
+ /opt/ r,
+ /opt/** rmixk,
+ @{PROC}/ r,
+ @{PROC}/* rm,
+ @{PROC}/asound rm,
+ @{PROC}/asound/** rm,
+ @{PROC}/ati rm,
+ @{PROC}/ati/** rm,
+ owner @{PROC}/** rm,
+ # needed for gnome-keyring-daemon
+ @{PROC}/*/status r,
+ /sbin/ r,
+ /sbin/** rmixk,
+ /sys/ r,
+ /sys/** rm,
+ /tmp/ rw,
+ owner /tmp/** rwlkmix,
+ /usr/ r,
+ /usr/** rmixk,
+ /var/ r,
+ /var/** rmixk,
+ /var/guest-data/** rw, # allow to store files permanently
+ /var/tmp/ rw,
+ owner /var/tmp/** rwlkm,
+ /{,var/}run/ r,
+ # necessary for writing to sockets, etc.
+ /{,var/}run/** rmkix,
+ /{,var/}run/shm/** wl,
+
+ capability ipc_lock,
+
+ # silence warnings for stuff that we really don't want to grant
+ deny capability dac_override,
+ deny capability dac_read_search,
+ #deny /etc/** w, # re-enable once LP#697678 is fixed
+ deny /usr/** w,
+ deny /var/crash/ w,
+}
hooks/post-receive
--
lightdm-remote-session-x2go.git (X2Go-based remote login session support for LightDM)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "lightdm-remote-session-x2go.git" (X2Go-based remote login session support for LightDM).
More information about the x2go-commits
mailing list