[apparmor] [PATCH 1/2] profiles: Allow full dbus access in system and session abstractions
Tyler Hicks
tyhicks at canonical.com
Fri Dec 20 06:06:46 UTC 2013
Before D-Bus mediation support was added to AppArmor, the dbus and
dbus-session abstractions granted full access to the system and session
buses, respectively.
In order to continue granting full access to those buses, bus-specific
D-Bus mediation rules need to be added to the abstractions.
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
profiles/apparmor.d/abstractions/dbus | 1 +
profiles/apparmor.d/abstractions/dbus-session | 1 +
2 files changed, 2 insertions(+)
diff --git a/profiles/apparmor.d/abstractions/dbus b/profiles/apparmor.d/abstractions/dbus
index b34c928..129a756 100644
--- a/profiles/apparmor.d/abstractions/dbus
+++ b/profiles/apparmor.d/abstractions/dbus
@@ -11,3 +11,4 @@
# System socket. Be careful when including this abstraction.
/{,var/}run/dbus/system_bus_socket w,
+ dbus bus=system,
diff --git a/profiles/apparmor.d/abstractions/dbus-session b/profiles/apparmor.d/abstractions/dbus-session
index 386a022..76a7bbf 100644
--- a/profiles/apparmor.d/abstractions/dbus-session
+++ b/profiles/apparmor.d/abstractions/dbus-session
@@ -14,3 +14,4 @@
# unique per-machine identifier
/etc/machine-id r,
/var/lib/dbus/machine-id r,
+ dbus bus=session,
--
1.8.3.2
More information about the AppArmor
mailing list