[apparmor] [PATCH 1/2] profiles: Allow full dbus access in system and session abstractions
Seth Arnold
seth.arnold at canonical.com
Fri Dec 20 07:04:33 UTC 2013
On Thu, Dec 19, 2013 at 10:06:46PM -0800, Tyler Hicks wrote:
> Before D-Bus mediation support was added to AppArmor, the dbus and
> dbus-session abstractions granted full access to the system and session
> buses, respectively.
>
> In order to continue granting full access to those buses, bus-specific
> D-Bus mediation rules need to be added to the abstractions.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
> ---
> profiles/apparmor.d/abstractions/dbus | 1 +
> profiles/apparmor.d/abstractions/dbus-session | 1 +
> 2 files changed, 2 insertions(+)
>
> diff --git a/profiles/apparmor.d/abstractions/dbus b/profiles/apparmor.d/abstractions/dbus
> index b34c928..129a756 100644
> --- a/profiles/apparmor.d/abstractions/dbus
> +++ b/profiles/apparmor.d/abstractions/dbus
> @@ -11,3 +11,4 @@
>
> # System socket. Be careful when including this abstraction.
> /{,var/}run/dbus/system_bus_socket w,
> + dbus bus=system,
> diff --git a/profiles/apparmor.d/abstractions/dbus-session b/profiles/apparmor.d/abstractions/dbus-session
> index 386a022..76a7bbf 100644
> --- a/profiles/apparmor.d/abstractions/dbus-session
> +++ b/profiles/apparmor.d/abstractions/dbus-session
> @@ -14,3 +14,4 @@
> # unique per-machine identifier
> /etc/machine-id r,
> /var/lib/dbus/machine-id r,
> + dbus bus=session,
> --
> 1.8.3.2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20131219/0444fc8b/attachment.pgp>
More information about the AppArmor
mailing list