[apparmor] Apparmor rules for dconf confinement

William Hua william.hua at canonical.com
Fri Jun 5 14:03:53 UTC 2015


Sorry about the delay. Here's a second pass at the original pass, with
fewer memory allocations, and a more general API for requesting data
in general.

The corresponding apparmor branch is at
https://code.launchpad.net/~attente/apparmor/dconf-rules-4.



On 2015-06-05 09:12 AM, Simon McVittie wrote:
> On 05/06/15 12:13, John Johansen wrote:
>> On 05/29/2015 09:29 AM, Simon McVittie wrote:
>>> Here's a sketch of how [polkit mediation] could look, for
>>> instance:
>>> 
>>> audit polkit action=org.freedesktop.udisks2.filesystem-mount, 
>>> audit deny polkit \ 
>>> action=org.freedesktop.udisks2.filesystem-mount-system,
>>> 
>>> or if the syntax in policy files was entirely generic, perhaps
>>> something more like:
>>> 
>>> userspace class=polkit \
>>> action=org.freedesktop.udisks2.filesystem-mount,
>>> audit deny userspace class=polkit \
>>> action=org.freedesktop.udisks2.filesystem-mount-system,
>>> 
>>> Does this sound like a reasonable generalization?
>>> 
>> generally speaking, yes :)
>> 
>> I can't say when polkit will get patched but I expect it will
>> happen sooner than later.
> 
> If this becomes something that is concretely required, please talk
> to the polkit mailing list - the polkit developers ought to have
> an opportunity to review this. I've subscribed to that list to be
> able to give D-Bus advice.
> 
> My colleague Philip Withnall and I are not (currently) polkit 
> maintainers, but we would potentially be interested in reviewing
> and/or helping with implementation for this feature.
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-apparmor-add-data-query-support.patch
Type: text/x-patch
Size: 10737 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150605/53778673/attachment.bin>