From b396c574a0c3373d3b807e5ea629670cf7cc6150 Mon Sep 17 00:00:00 2001
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Thu, 8 Nov 2012 22:27:01 +0100
Subject: fork lightdm-remote-session-freerdp as lightdm-remote-session-x2go

---
 lightdm-remote-session-freerdp.in | 71 ---------------------------------------
 1 file changed, 71 deletions(-)
 delete mode 100644 lightdm-remote-session-freerdp.in

(limited to 'lightdm-remote-session-freerdp.in')

diff --git a/lightdm-remote-session-freerdp.in b/lightdm-remote-session-freerdp.in
deleted file mode 100644
index 38772f2..0000000
--- a/lightdm-remote-session-freerdp.in
+++ /dev/null
@@ -1,71 +0,0 @@
-# vim:syntax=apparmor
-# Profile for restricting lightdm remote session for FreeRDP
-# Based on the Guest Account Apparmor script from:
-# Author: Martin Pitt <martin.pitt@ubuntu.com>
-
-#include <tunables/global>
-
-@pkglibexecdir@/freerdp-session-wrapper {
-  #include <abstractions/authentication>
-  #include <abstractions/nameservice>
-  #include <abstractions/wutmp>
-  /etc/compizconfig/config rw, # bug in compiz https://launchpad.net/bugs/697678
- 
-  / r,
-  /bin/ rmix,
-  /bin/fusermount Px,
-  /bin/** rmix,
-  /cdrom/ rmix,
-  /cdrom/** rmix,
-  /dev/ r,
-  /dev/** rmw, # audio devices etc.
-  owner /dev/shm/** rmw,
-  /etc/ r,
-  /etc/** rmk,
-  /etc/gdm/Xsession ix,
-  /lib/ r,
-  /lib/** rmixk,
-  /lib32/ r,
-  /lib32/** rmixk,
-  /lib64/ r,
-  /lib64/** rmixk,
-  owner /media/ r,
-  owner /media/** rmwlixk,  # we want access to USB sticks and the like
-  /opt/ r,
-  /opt/** rmixk,
-  @{PROC}/ r,
-  @{PROC}/* rm,
-  @{PROC}/asound rm,
-  @{PROC}/asound/** rm,
-  @{PROC}/ati rm,
-  @{PROC}/ati/** rm,
-  owner @{PROC}/** rm,
-  # needed for gnome-keyring-daemon
-  @{PROC}/*/status r,
-  /sbin/ r,
-  /sbin/** rmixk,
-  /sys/ r,
-  /sys/** rm,
-  /tmp/ rw,
-  owner /tmp/** rwlkmix,
-  /usr/ r,
-  /usr/** rmixk,
-  /var/ r,
-  /var/** rmixk,
-  /var/guest-data/** rw, # allow to store files permanently
-  /var/tmp/ rw,
-  owner /var/tmp/** rwlkm,
-  /{,var/}run/ r,
-  # necessary for writing to sockets, etc.
-  /{,var/}run/** rmkix,
-  /{,var/}run/shm/** wl,
-
-  capability ipc_lock,
-
-  # silence warnings for stuff that we really don't want to grant
-  deny capability dac_override,
-  deny capability dac_read_search,
-  #deny /etc/** w, # re-enable once LP#697678 is fixed
-  deny /usr/** w,
-  deny /var/crash/ w,
-}
-- 
cgit v1.2.3