[apparmor] [patch] [8/9] Add support for handling dbus rules everywhere

Seth Arnold seth.arnold at canonical.com
Fri May 20 23:19:48 UTC 2016


On Sun, Dec 27, 2015 at 04:12:18PM +0100, Christian Boltz wrote:
> Hello,
> 
> $subject.
> 
> "Everywhere" means aa-mergeprof and aa-cleanprof. In theory also
> aa-logprof, but that needs some code that parses dbus log events ;-)
> 
> Also add some dbus rules to the aa-cleanprof test profiles to ensure
> superfluous dbus rules get deleted.
> 
> 
> [ 59-enable-DbusRule-everywhere.diff ]

Acked-by: Seth Arnold <seth.arnold at canonical.com>

Thanks

> --- utils/apparmor/aa.py        2015-12-26 16:24:40.246989550 +0100
> +++ utils/apparmor/aa.py        2015-12-26 16:25:29.090656074 +0100
> @@ -62,7 +62,7 @@
>  from apparmor.rule.signal     import SignalRuleset,    SignalRule
>  from apparmor.rule import parse_modifiers, quote_if_needed
>  
> -ruletypes = ['capability', 'change_profile', 'network', 'ptrace', 'rlimit', 'signal']
> +ruletypes = ['capability', 'change_profile', 'dbus', 'network', 'ptrace', 'rlimit', 'signal']
>  
>  from apparmor.yasti import SendDataToYast, GetDataFromYast, shutdown_yast
>  
> === modified file ./utils/test/cleanprof_test.in
> --- utils/test/cleanprof_test.in        2015-12-26 17:39:09.224196858 +0100
> +++ utils/test/cleanprof_test.in        2015-12-26 21:16:59.623391061 +0100
> @@ -22,6 +22,9 @@
>      ptrace tracedby,
>      unix (receive) type=dgram,
>  
> +    dbus send bus=session,
> +    dbus send bus=session peer=(label=foo),
> +
>      set rlimit nofile <= 256,
>      set rlimit nofile <= 64,
>  
> === modified file ./utils/test/cleanprof_test.out
> --- utils/test/cleanprof_test.out       2015-12-26 17:39:09.224196858 +0100
> +++ utils/test/cleanprof_test.out       2015-12-26 18:13:19.051300600 +0100
> @@ -12,6 +12,8 @@
>  
>    network stream,
>  
> +  dbus send bus=session,
> +
>    signal set=(abrt alrm bus chld fpe hup ill int kill pipe quit segv stkflt term trap usr1 usr2),
>  
>    ptrace tracedby,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160520/f7943ecc/attachment.pgp>


More information about the AppArmor mailing list