[Bug 1627304] Re: User locking problems - guest login crashing
** No longer affects: gnome-session (Ubuntu) ** No longer affects: lightdm-gtk-greeter (Ubuntu) ** No longer affects: unity-greeter (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1627304] Re: User locking problems - guest login crashing
Assigning the lightdm task to Robert for now since he's already fixed it upstream. ** Changed in: lightdm (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => Robert Ancell (robert-ancell) -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1627304] Re: User locking problems - guest login crashing
@robert-ancell I tested your proposed change to the lightdm AppArmor abstraction and can confirm that it allows the guest session to start for me. Thanks for looking into the denials and getting that fixed! I see that you committed the fix upstream. Do you plan on making another lightdm upload before Yakkety is released in order to fix this bug? -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1627304] Re: User locking problems - guest login crashing
** No longer affects: xubuntu-default-settings (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1627304] Re: User locking problems - guest login crashing
@robert-ancell - reverted (Xubuntu) to our old default settings, undid this change and everything works as before. Change to xubuntu-default-settings was something pitti appears to have done -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1627304] Re: User locking problems - guest login crashing
@robert-ancell - tested that on Xubuntu (bug 1627310) works fine there using something other than light-locker (we have a seperate issue there bug 1622303) -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1627304] Re: User locking problems - guest login crashing
Note you can test changes like this by running: $ sudoedit /etc/apparmor.d/abstractions/lightdm $ sudo systemctl reload apparmor.service -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1627304] Re: User locking problems - guest login crashing
** Branch linked: lp:lightdm -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1627304] Re: User locking problems - guest login crashing
The following fix to the abstraction seems to fix the issue: === modified file 'data/apparmor/abstractions/lightdm' --- data/apparmor/abstractions/lightdm 2015-10-19 10:44:23 + +++ data/apparmor/abstractions/lightdm 2016-09-28 03:39:54 + @@ -95,7 +95,7 @@ unix (receive) peer=(label=unconfined), unix (create), unix (getattr, getopt, setopt, shutdown), - unix (bind, listen) type=stream addr="@/com/ubuntu/upstart-session/**", + unix (bind, listen, accept, receive, send) type=stream addr="@/com/ubuntu/upstart-session/**", unix (bind, listen) type=stream addr="@/tmp/dbus-*", unix (bind, listen) type=stream addr="@/tmp/.ICE-unix/[0-9]*", unix (bind, listen) type=stream addr="@/dbus-vfs-daemon/*", I figure that something (Unity?) is now making more use of the upstart session. So we need to allow all operations on it. I'm not an upstart expert but I figure this is safe to allow? -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1627304] Re: User locking problems - guest login crashing
Marking the apparmor task as invalid since the changes will likely need to be made to the profile shipped by lightdm. ** Changed in: apparmor (Ubuntu) Status: Incomplete => Invalid ** Changed in: lightdm (Ubuntu) Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security) -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1627304] Re: User locking problems - guest login crashing
Thanks, I gave it a shot (after putting the profile into complain mode) and here are the unique denials that I see when starting the guest session: operation="mknod" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/1295/fd/2" pid=1295 comm="lightdm-session" requested_mask="c" denied_mask="c" fsuid=998 ouid=998 operation="mknod" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/1297/fd/2" pid=1297 comm="lightdm-session" requested_mask="c" denied_mask="c" fsuid=998 ouid=998 operation="connect" profile="/usr/lib/lightdm/lightdm-guest-session" pid=1446 comm="initctl" family="unix" sock_type="stream" protocol=0 requested_mask="send receive accept" denied_mask="send accept" addr="@/com/ubuntu/upstart-session/998/1293" peer_addr=none peer="unconfined" operation="file_perm" profile="/usr/lib/lightdm/lightdm-guest-session" pid=1293 comm="upstart" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send" addr="@/com/ubuntu/upstart-session/998/1293" peer_addr=none peer="unconfined" operation="connect" profile="/usr/lib/lightdm/lightdm-guest-session" pid=1709 comm="unity-panel-ser" family="unix" sock_type="stream" protocol=0 requested_mask="send receive accept" denied_mask="send accept" addr="@/com/ubuntu/upstart-session/998/1293" peer_addr=none peer="unconfined" and when logging out of the guest session: operation="connect" profile="/usr/lib/lightdm/lightdm-guest-session" pid=2042 comm="dbus-send" family="unix" sock_type="stream" protocol=0 requested_mask="send receive accept" denied_mask="send accept" addr="@/com/ubuntu/upstart-session/998/1293" peer_addr=none peer="unconfined" operation="file_perm" profile="/usr/lib/lightdm/lightdm-guest-session" pid=1293 comm="upstart" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send" addr="@/com/ubuntu/upstart-session/998/1293" peer_addr=none peer="unconfined" operation="connect" profile="/usr/lib/lightdm/lightdm-guest-session" pid=2046 comm="initctl" family="unix" sock_type="stream" protocol=0 requested_mask="send receive accept" denied_mask="send accept" addr="@/com/ubuntu/upstart-session/998/1293" peer_addr=none peer="unconfined" operation="connect" profile="/usr/lib/lightdm/lightdm-guest-session" pid=1709 comm="unity-panel-ser" family="unix" sock_type="stream" protocol=0 requested_mask="send receive accept" denied_mask="send accept" addr="@/com/ubuntu/upstart-session/998/1293" peer_addr=none peer="unconfined" -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1627304] Re: User locking problems - guest login crashing
Sep 23 21:42:38 wolf-wolf kernel: [ 69.411731] audit: type=1400 audit(1474663358.636:31): apparmor="DENIED" operation="connect" profile="/usr/lib/lightdm/lightdm-guest-session" pid=3713 comm="initctl" family="unix" sock_type="stream" protocol=0 requested_mask="send receive accept" denied_mask="send accept" addr="@/com/ubuntu/upstart- session/999/3321" peer_addr=none peer="unconfined" -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1627304] Re: User locking problems - guest login crashing
I think this is an issue with the lightdm(-guest-session) apparmor profiles. In dmesg: laney@yakkety-vm:~$ dmesg | grep DENIED [ 142.273990] audit: type=1400 audit(1474905574.718:125): apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/sys/kernel/osrelease" pid=2167 comm="pkill" requested_mask="r" denied_mask="r" fsuid=998 ouid=0 [ 142.274396] audit: type=1400 audit(1474905574.718:126): apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/1/cmdline" pid=2167 comm="pkill" requested_mask="r" denied_mask="r" fsuid=998 ouid=0 [ 142.274428] audit: type=1400 audit(1474905574.718:127): apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/2/cmdline" pid=2167 comm="pkill" requested_mask="r" denied_mask="r" fsuid=998 ouid=0 [ 142.274457] audit: type=1400 audit(1474905574.718:128): apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/3/cmdline" pid=2167 comm="pkill" requested_mask="r" denied_mask="r" fsuid=998 ouid=0 [ 142.274484] audit: type=1400 audit(1474905574.718:129): apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/4/cmdline" pid=2167 comm="pkill" requested_mask="r" denied_mask="r" fsuid=998 ouid=0 [ 142.274513] audit: type=1400 audit(1474905574.718:130): apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/5/cmdline" pid=2167 comm="pkill" requested_mask="r" denied_mask="r" fsuid=998 ouid=0 [ 142.274542] audit: type=1400 audit(1474905574.718:131): apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/6/cmdline" pid=2167 comm="pkill" requested_mask="r" denied_mask="r" fsuid=998 ouid=0 [ 142.274569] audit: type=1400 audit(1474905574.718:132): apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/7/cmdline" pid=2167 comm="pkill" requested_mask="r" denied_mask="r" fsuid=998 ouid=0 [ 142.274598] audit: type=1400 audit(1474905574.718:133): apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/8/cmdline" pid=2167 comm="pkill" requested_mask="r" denied_mask="r" fsuid=998 ouid=0 [ 142.274626] audit: type=1400 audit(1474905574.718:134): apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/9/cmdline" pid=2167 comm="pkill" requested_mask="r" denied_mask="r" fsuid=998 ouid=0 [ 147.434462] audit: type=1400 audit(1474905579.878:282): apparmor="DENIED" operation="connect" profile="/usr/lib/lightdm/lightdm-guest-session" pid=2843 comm="initctl" family="unix" sock_type="stream" protocol=0 requested_mask="send receive accept" denied_mask="send accept" addr="@/com/ubuntu/upstart-session/998/2526" peer_addr=none peer="unconfined" [ 147.450970] audit: type=1400 audit(1474905579.894:283): apparmor="DENIED" operation="connect" profile="/usr/lib/lightdm/lightdm-guest-session" pid=2855 comm="initctl" family="unix" sock_type="stream" protocol=0 requested_mask="send receive accept" denied_mask="send accept" addr="@/com/ubuntu/upstart-session/998/2526" peer_addr=none peer="unconfined" [ 147.494563] audit: type=1400 audit(1474905579.938:284): apparmor="DENIED" operation="connect" profile="/usr/lib/lightdm/lightdm-guest-session" pid=2871 comm="initctl" family="unix" sock_type="stream" protocol=0 requested_mask="send receive accept" denied_mask="send accept" addr="@/com/ubuntu/upstart-session/998/2526" peer_addr=none peer="unconfined" [ 147.511922] audit: type=1400 audit(1474905579.954:285): apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/sys/kernel/osrelease" pid=2879 comm="pkill" requested_mask="r" denied_mask="r" fsuid=998 ouid=0 [ 147.512279] audit: type=1400 audit(1474905579.958:286): apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/1/cmdline" pid=2879 comm="pkill" requested_mask="r" denied_mask="r" fsuid=998 ouid=0 [ 147.512303] audit: type=1400 audit(1474905579.958:287): apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/2/cmdline" pid=2879 comm="pkill" requested_mask="r" denied_mask="r" fsuid=998 ouid=0 [ 147.512322] audit: type=1400 audit(1474905579.958:288): apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/3/cmdline" pid=2879 comm="pkill" requested_mask="r" denied_mask="r" fsuid=998 ouid=0 [ 147.512340] audit: type=1400 audit(1474905579.958:289): apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/4/cmdline" pid=2879 comm="pkill" requested_mask="r" denied_mask="r" fsuid=998 ouid=0 [ 147.512356] audit: type=1400 audit(1474905579.958:290): apparmor="DENIED" operation="open" profile="/usr/lib/lightdm/light
[Bug 1627304] Re: User locking problems - guest login crashing
(The security team will look soon) ** Changed in: lightdm-gtk-greeter (Ubuntu) Status: Confirmed => Incomplete ** Changed in: xubuntu-default-settings (Ubuntu) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1627304] Re: User locking problems - guest login crashing
Hi - are there any AppArmor denials in the syslog? To check, you can trigger this bug and then look in /var/log/syslog for lines that contain 'apparmor="DENIED"'. Thanks! ** Changed in: apparmor (Ubuntu) Importance: Critical => Undecided ** Changed in: apparmor (Ubuntu) Status: Triaged => Incomplete -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1627304] Re: User locking problems - guest login crashing
Tested with Ubuntu MATE, and the guest session works fine there, so the issue is probably not caused by lightdm. -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-session/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1627304] Re: User locking problems - guest login crashing
>From Xubuntu, see same symptoms as seen previously - that is, can log in to Guest - logout fails. Dialogue looks ok for us. -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-session/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1627304] Re: User locking problems - guest login crashing
I could reproduce the issue on Ubuntu 16.10. Additional observations: * Logging in to a guest session fails also when you do it from the login screen without being logged in as a regular user, so I doubt that the issue is related to screen locking. * The zenity warning dialog shows up, but without its title bar - can it possibly be compiz related? (The rest of the screen is simply black.) -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-session/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1627304] Re: User locking problems - guest login crashing
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: xubuntu-default-settings (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-session/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1627304] Re: User locking problems - guest login crashing
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: gnome-session (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-session/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1627304] Re: User locking problems - guest login crashing
In Xubuntu we can login to the gues user desktop - but it crashes on logout rather than logging in. -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-session/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1627304] Re: User locking problems - guest login crashing
** Also affects: gnome-session (Ubuntu) Importance: Undecided Status: New ** Also affects: xubuntu-default-settings (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1627304 Title: User locking problems - guest login crashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-session/+bug/1627304/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs