[apparmor] [PATCH]: cleanup dbus abstractions
Jamie Strandboge
jamie at canonical.com
Tue Aug 3 15:25:57 BST 2010
I propose the following cleanup to the dbus abstractions, which a) makes
the dbus-session abstraction safer for user applications to use and b)
adds a warning to the dbus abstraction to help people make a more
informed decision when using the dbus abstraction.
I suggest this also be committed to the 2.5 branch.
=== modified file 'profiles/apparmor.d/abstractions/dbus'
--- profiles/apparmor.d/abstractions/dbus 2009-11-04 20:25:42 +0000
+++ profiles/apparmor.d/abstractions/dbus 2010-08-03 14:20:59 +0000
@@ -2,7 +2,7 @@
# $Id$
# ------------------------------------------------------------------
#
-# Copyright (C) 2009 Canonical Ltd.
+# Copyright (C) 2009-2010 Canonical Ltd.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -10,8 +10,5 @@
#
# ------------------------------------------------------------------
- # System socket
+ # System socket. Be careful when including this abstraction.
/var/run/dbus/system_bus_socket w,
-
- # Machine id
- /var/lib/dbus/machine-id r,
=== modified file 'profiles/apparmor.d/abstractions/dbus-session'
--- profiles/apparmor.d/abstractions/dbus-session 2010-06-22 16:50:31
+0000
+++ profiles/apparmor.d/abstractions/dbus-session 2010-08-03 14:20:13
+0000
@@ -10,5 +10,5 @@
#
# ------------------------------------------------------------------
- #include <abstractions/dbus>
/usr/bin/dbus-launch Pix,
+ /var/lib/dbus/machine-id r,
--
Jamie Strandboge | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/apparmor/attachments/20100803/12f9d3ec/attachment.pgp
More information about the AppArmor
mailing list