[apparmor] [PATCH] Allow reading /etc/machine-id in the dbus-session abstraction.
Steve Beattie
steve at nxnw.org
Wed Sep 11 23:01:08 UTC 2013
Sorry for the delay in getting to this.
On Thu, Jul 25, 2013 at 10:52:42AM +0200, intrigeri at debian.org wrote:
> From: intrigeri <intrigeri at boum.org>
>
> D-Bus now uses /etc/machine-id in some cases:
> https://bugs.freedesktop.org/show_bug.cgi?id=35228
> ---
> profiles/apparmor.d/abstractions/dbus-session | 1 +
> 1 file changed, 1 insertion(+)
Acked-by: Steve Beattie <steve at nxnw.org> for both trunk and 2.8.
(I would like to get rid of the dbus-launch permission from the
dbus-session abstraction, as I personally resist using it because that
permission is embedded in there. But's not relevant to whether your
patch is acceptable.)
> diff --git a/profiles/apparmor.d/abstractions/dbus-session b/profiles/apparmor.d/abstractions/dbus-session
> index 8735c1f..b9c872e 100644
> --- a/profiles/apparmor.d/abstractions/dbus-session
> +++ b/profiles/apparmor.d/abstractions/dbus-session
> @@ -10,4 +10,5 @@
> # ------------------------------------------------------------------
>
> /usr/bin/dbus-launch ix,
> + /etc/machine-id r,
> /var/lib/dbus/machine-id r,
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130911/a6ca2ab4/attachment.pgp>
More information about the AppArmor
mailing list