le-conf: Fix guest users unable to see educational content

Signed-off-by: 's avatarDiego Giovane Pasqualin <dpasqualin@c3sl.ufpr.br>
parent 17940d56
Package: le-conf
Priority: important
Section: main
Version: 0.0.24
Version: 0.0.25
Maintainer: LE Maintainer <le-maintainer@c3sl.ufpr.br>
Description: Configuration scripts for Linux Educacional 5
Architecture: i386
......
#!/bin/bash
#
# Copyright (C) 2004-2012 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana - C3SL/UFPR
#
# This file is part of le-conf
#
# le-conf is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
# USA.
service apparmor restart
exit 0
......@@ -3,9 +3,9 @@
# Copyright (C) 2004-2012 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana - C3SL/UFPR
#
# This file is part of le5-greeter
# This file is part of le-conf
#
# le5-greeter is free software; you can redistribute it and/or
# le-conf is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
......@@ -24,7 +24,7 @@
DIVERTS="/usr/share/applications/mimeapps.list \
/etc/lsb-release\
/etc/default/grub\
/etc/apparmor.d/lightdm-guest-session\
/etc/apparmor.d/abstractions/lightdm\
/etc/xdg/menus/applications.menu\
/etc/init.d/lightdm"
......
......@@ -3,9 +3,9 @@
# Copyright (C) 2004-2012 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana - C3SL/UFPR
#
# This file is part of le5-greeter
# This file is part of le-conf
#
# le5-greeter is free software; you can redistribute it and/or
# le-conf is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
......@@ -24,8 +24,8 @@
DIVERTS="/usr/share/applications/mimeapps.list\
/etc/lsb-release\
/etc/default/grub\
/etc/apparmor.d/lightdm-guest-session\
/etc/xdg/menus/applications.menu\
/etc/apparmor.d/abstractions/lightdm\
/etc/init.d/lightdm"
# Divert files:
......
# vim:syntax=apparmor
# Profile for restricting lightdm guest session
# Profile for restricting lightdm guest session
# Author: Martin Pitt <martin.pitt@ubuntu.com>
#include <tunables/global>
# This abstraction provides the majority of the confinement for guest sessions.
# It is in its own abstraction so we can have a centralized place for
# confinement for the various lightdm sessions (guest, freerdp, uccsconfigure,
# etc). Note that this profile intentionally omits chromium-browser.
/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper {
#include <abstractions/authentication>
#include <abstractions/nameservice>
#include <abstractions/wutmp>
/etc/compizconfig/config rw, # bug in compiz https://launchpad.net/bugs/697678
/home/ConteudoMEC** r, # let guest users see educational content
/ r,
/bin/ rmix,
/bin/fusermount Px,
......@@ -19,7 +22,6 @@
/dev/ r,
/dev/** rmw, # audio devices etc.
owner /dev/shm/** rmw,
/home/ConteudoMEC** rix, # students must see educational contents
/etc/ r,
/etc/** rmk,
/etc/gdm/Xsession ix,
......@@ -59,6 +61,8 @@
# necessary for writing to sockets, etc.
/{,var/}run/** rmkix,
/{,var/}run/shm/** wl,
# libpam-xdg-support/logind
owner /{,var/}run/user/*/** rw,
capability ipc_lock,
......@@ -68,4 +72,3 @@
#deny /etc/** w, # re-enable once LP#697678 is fixed
deny /usr/** w,
deny /var/crash/ w,
}
C3SL - Centro de Computacao Cientifica e Software Livre
Adriano da Luz
Bruno Cesar Ribas
André P. Ziviani
Andrey Ricardo Pimentel
Anna H. B. Strauch
Bruna M. Da Silva
Carlos Carvalho
Cleide Luzia Bonfim Possamai
Daniel Weingaertner
Diego Giovane Pasqualin
Edemir Maciel
Edileuton H. De Oliveira
Eduardo Almeida
Eduardo Todt
Erik Alexandre Pucci
Fabiano Silva
Isabella S. L. Borges
Jessiel H. Hacke
João G. Pauluk
Juliana Bueno
Klismann Smoger Mottin
Laura Sanchez Garcia
Leticia Mara Peres
Lucas Manika Koeb
Lucas Falcão Radaelli
Lucas Pazelo
Luis Carlos Erpen de Bona
Marcos Castilho
Marcos Sunye
Michael Liang
Thiago Henrique Dos Santos Picharski
Mozart P. Tomazetti
Rogério S. Martins
Thiago A. Salvadori
Thiago H. S. Picharski
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment