authorMike Gabriel <mike.gabriel@das-netzwerkteam.de>2016-10-09 01:38:43 +0200
committerMike Gabriel <mike.gabriel@das-netzwerkteam.de>2016-10-09 01:38:43 +0200
commit1ab1c7dafaef78c472b5f67a1fefe450f87e4ccb (patch)
tree8a8faebdd39ee73cfda6544d7303f2aa07c0e42e /lightdm-remote-session-x2go.in
parentae03b1c6969e93f3eba4820e54c7f00b89c1f7ab (diff)
lightdm-remote-session-arctica: Fork from latest known version of lightdm-remote-session-x2go.
Diffstat (limited to 'lightdm-remote-session-x2go.in')
-rw-r--r--lightdm-remote-session-x2go.in85
1 files changed, 0 insertions, 85 deletions
diff --git a/lightdm-remote-session-x2go.in b/lightdm-remote-session-x2go.in
deleted file mode 100644
index db225c3..0000000
--- a/lightdm-remote-session-x2go.in
+++ /dev/null
@@ -1,85 +0,0 @@
-# vim:syntax=apparmor
-# Profile for restricting lightdm remote session for X2Go
-# Based on the Guest Account Apparmor script from:
-# Author: Martin Pitt <martin.pitt@ubuntu.com>
-# Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
-
-#include <tunables/global>
-
-@libexecdir@/x2go-session-wrapper {
- #include <abstractions/authentication>
- #include <abstractions/nameservice>
- #include <abstractions/wutmp>
- /etc/compizconfig/config rw, # bug in compiz https://launchpad.net/bugs/697678
-
- / r,
- /bin/ rmix,
- /bin/fusermount Px,
- /bin/** rmix,
- /cdrom/ rmix,
- /cdrom/** rmix,
- /dev/ r,
- /dev/** rmw, # audio devices etc.
- owner /dev/shm/** rmw,
- /etc/ r,
- /etc/** rmk,
- /etc/gdm/Xsession ix,
- /lib/ r,
- /lib/** rmixk,
- /lib32/ r,
- /lib32/** rmixk,
- /lib64/ r,
- /lib64/** rmixk,
- owner /media/ r,
- owner /media/** rmwlixk, # we want access to USB sticks and the like
- /opt/ r,
- /opt/** rmixk,
- @{PROC}/ r,
- @{PROC}/* rm,
- @{PROC}/asound rm,
- @{PROC}/asound/** rm,
- @{PROC}/ati rm,
- @{PROC}/ati/** rm,
- owner @{PROC}/** rm,
- # needed for gnome-keyring-daemon
- @{PROC}/*/status r,
- /sbin/ r,
- /sbin/** rmixk,
- /sys/ r,
- /sys/** rm,
- /tmp/ rw,
- owner /tmp/** rwlkmix,
- /usr/ r,
- /usr/** rmixk,
- /var/ r,
- /var/** rmixk,
- /var/guest-data/** rw, # allow to store files permanently
- /var/tmp/ rw,
- owner /var/tmp/** rwlkm,
- /{,var/}run/ r,
- # necessary for writing to sockets, etc.
- /{,var/}run/** rmkix,
- /{,var/}run/shm/** wl,
- # access to kernel's UUID generator (required by pyhoca-cli)
- @{PROC}/sys/kernel/random/uuid r,
- /var/lib/libuuid/clock.txt rw,
- /run/systemd/journal/dev-log w,
- /tmp/**/.x2go-socket r,
- /tmp/.X11-unix/X[0-9]* wr,
- /run/uuidd/request w,
- /proc/sys/kernel/ngroups_max r,
-
- network,
-
- dbus(send) bus=session,
- dbus(send, receive) bus=accessibility,
-
- capability ipc_lock,
-
- # silence warnings for stuff that we really don't want to grant
- deny capability dac_override,
- deny capability dac_read_search,
- #deny /etc/** w, # re-enable once LP#697678 is fixed
- deny /usr/** w,
- deny /var/crash/ w,
-}