Yves, you removed /etc/apparmor.d/lightdm-guest-session from the package (via a debhelper exclusion directive), but you didn't exclude /etc/apparmor.d/abstractions/lightdm_chromium-browser, which is the profile that was generating the error in the first place >_<
https://packages.debian.org/sid/amd64/lightdm/filelist On Sat, 2014 Jun 7 15:12+0200, intrigeri wrote: > > Good to know. That may be an error on my side, then. May you please > share the exact patch you're applying to the relevant profile(s)? Looks like the errant profiles are going away, but for what it's worth, this is what I did (basically, comment out all "ptrace" and "signal" directives): --- /etc/apparmor.d/abstractions/lightdm_chromium-browser.orig 2014-06-12 00:32:32.000000000 -0400 +++ /etc/apparmor.d/abstractions/lightdm_chromium-browser 2014-06-04 21:03:07.663729440 -0400 @@ -18,10 +18,10 @@ /opt/google/chrome-unstable/google-chrome-unstable Cx -> chromium, # Allow ptracing processes in the chromium child profile - ptrace peer=/usr/lib/lightdm/lightdm-guest-session//chromium, +# ptrace peer=/usr/lib/lightdm/lightdm-guest-session//chromium, # Allow receiving and sending signals to processes in the chromium child profile - signal (receive, send) peer=/usr/lib/lightdm/lightdm-guest-session//chromium, +# signal (receive, send) peer=/usr/lib/lightdm/lightdm-guest-session//chromium, profile chromium { # Allow all the same accesses as other applications in the guest session @@ -39,14 +39,14 @@ @{PROC}/sys/kernel/yama/ptrace_scope r, # Allow ptrace reads of processes in the lightdm-guest-session - ptrace (read) peer=/usr/lib/lightdm/lightdm-guest-session, +# ptrace (read) peer=/usr/lib/lightdm/lightdm-guest-session, # Allow other guest session processes to read and trace us - ptrace (readby, tracedby) peer=/usr/lib/lightdm/lightdm-guest-session, - ptrace (readby, tracedby) peer=@{profile_name}, +# ptrace (readby, tracedby) peer=/usr/lib/lightdm/lightdm-guest-session, +# ptrace (readby, tracedby) peer=@{profile_name}, # Allow us to receive and send signals from processes in the # lightdm-guest-session - signal (receive, send) set=("exists") peer=/usr/lib/lightdm/lightdm-guest-session, +# signal (receive, send) set=("exists") peer=/usr/lib/lightdm/lightdm-guest-session, @{PROC}/[0-9]*/ r, # sandbox wants these @{PROC}/[0-9]*/fd/ r, # sandbox wants these -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org