File: lightdm-guest-session.in

package info (click to toggle)
lightdm 1.18.3-1
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 8,028 kB
  • ctags: 3,701
  • sloc: ansic: 26,653; sh: 4,811; makefile: 1,266; cpp: 1,162; python: 258; xml: 19
file content (24 lines) | stat: -rw-r--r-- 728 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# vim:syntax=apparmor
# Profile for restricting lightdm guest session

#include <tunables/global>

@libexecdir@/lightdm-guest-session {
  # Most applications are confined via the main abstraction
  #include <abstractions/lightdm>

  # chromium-browser needs special confinement due to its sandboxing
  #include <abstractions/lightdm_chromium-browser>

  # fcitx and friends needs special treatment due to C/S design
  /usr/bin/fcitx ix,
  /tmp/fcitx-socket-* rwl,
  /dev/shm/* rwl,
  /usr/bin/fcitx-qimpanel ix,
  /usr/bin/sogou-qimpanel-watchdog ix,
  /usr/bin/sogou-sys-notify ix,
  /tmp/sogou-qimpanel:* rwl,

  # mozc_server needs special treatment due to C/S design
  unix (bind, listen) type=stream addr="@tmp/.mozc.*",
}