mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-15 07:54:17 +01:00
feat(profile): restrict dbus in dbus
Even the dbus-* profiles do not need access to the full bus.
parent
69f9e8464f
commit
156cce5362
@ -25,8 +25,7 @@ profile dbus-accessibility @{exec_path} flags=(attach_disconnected) {
|
|||||||
signal (receive) set=(term hup kill) peer=dbus-session,
|
signal (receive) set=(term hup kill) peer=dbus-session,
|
||||||
signal (receive) set=(term hup kill) peer=gdm{,-session-worker},
|
signal (receive) set=(term hup kill) peer=gdm{,-session-worker},
|
||||||
|
|
||||||
dbus bus=accessibility,
|
#aa:dbus own bus=accessibility name=org.freedesktop.DBus
|
||||||
|
|
||||||
#aa:dbus own bus=session name=org.a11y.{B,b}us
|
#aa:dbus own bus=session name=org.a11y.{B,b}us
|
||||||
|
|
||||||
dbus receive bus=session
|
dbus receive bus=session
|
||||||
|
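Review bot: The line that replaces `dbus bus=accessibility,` has no comment saying why the daemon profile is now limited to owning `org.freedesktop.DBus`, and the same applies to the dbus-session and dbus-system hunks, where `dbus bus=session,` and `dbus bus=system,` are replaced the same way. A maintainer who later sees a dbus denial in the audit log may be tempted to restore the blanket rule, so a line such as `# The bus daemon only owns the driver name; it needs no blanket access to the bus it routes.` above each directive would record the intent. The `#aa:dbus` line is a plain comment to a stock parser, so what the daemon is actually allowed presumably depends on how the project's build step expands it, as with the existing `#aa:dbus own bus=session name=org.a11y.{B,b}us` line in this profile. The profile bodies start and end outside the hunks.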
@ -29,7 +29,7 @@ profile dbus-session flags=(attach_disconnected) {
|
|||||||
signal (send) set=(term hup kill) peer=dconf-service,
|
signal (send) set=(term hup kill) peer=dconf-service,
|
||||||
signal (send) set=(term hup kill) peer=xdg-*,
|
signal (send) set=(term hup kill) peer=xdg-*,
|
||||||
|
|
||||||
dbus bus=session,
|
#aa:dbus own bus=session name=org.freedesktop.DBus
|
||||||
|
|
||||||
@{exec_path} mrix,
|
@{exec_path} mrix,
|
||||||
|
|
||||||
|
@ -32,7 +32,7 @@ profile dbus-system flags=(attach_disconnected) {
|
|||||||
|
|
||||||
ptrace (read) peer=@{p_systemd},
|
ptrace (read) peer=@{p_systemd},
|
||||||
|
|
||||||
dbus bus=system,
|
#aa:dbus own bus=system name=org.freedesktop.DBus
|
||||||
|
|
||||||
@{exec_path} mrix,
|
@{exec_path} mrix,
|
||||||
|
|
||||||
|
@ -120,7 +120,7 @@
|
|||||||
@{dynamic}+=38[4-9] 39[0-9] 4[0-9][0-9] 50[0-9] 51[0-1] # range 384 to 511
|
@{dynamic}+=38[4-9] 39[0-9] 4[0-9][0-9] 50[0-9] 51[0-1] # range 384 to 511
|
||||||
|
|
||||||
# Dbus unique name
|
# Dbus unique name
|
||||||
@{busname}=:1.@{u16}
|
@{busname}=:1.@{u16} :not.active.yet
|
||||||
|
|
||||||
# Common architecture names
|
# Common architecture names
|
||||||
@{arch}=x86_64 amd64 i386 i686
|
@{arch}=x86_64 amd64 i386 i686
|
||||||
|
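Review bot: Adding `:not.active.yet` to `@{busname}` widens every rule that matches a peer through this variable, while the comment above it still reads `# Dbus unique name`. The new value does not have the `:1.N` form, so it is presumably a placeholder the bus reports for a peer that is not active yet, and the comment should say so, e.g. `# Dbus unique name, or the placeholder used while the peer is not active yet`. The commit description does not mention this tunable change, and the rules that use the variable are not visible here, so it is worth confirming that each of them should accept the placeholder.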