Ubuntu: Guest session processes are not confined in 16.10

Processes launched under a lightdm guest session are not confined by the /usr/lib/lightdm/lightdm-guest-session AppArmor profile in Ubuntu 16.10, Ubuntu 17.04, and Ubuntu Artful (current dev release). The processes are unconfined.

The simple test case is to log into a guest session, launch a terminal with ctrl-alt-t, and run the following command:

$ cat /proc/self/attr/current

Expected output, as seen in Ubuntu 16.04 LTS, is:

/usr/lib/lightdm/lightdm-guest-session (enforce)

Running the command inside of an Ubuntu 16.10 and newer guest session results in:

unconfined

Source: Bug #1663157 “Guest session processes are not confined in 16.10 …” : Bugs : lightdm package : Ubuntu

Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

 robin@edgarbv.com  https://www.edgarbv.com

Leave a Reply