feat(profile): restrict dbus in dbus

even dbus-* profiles do not need access to the full bus.
This commit is contained in:
Alexandre Pujol 2024-09-25 00:48:42 +01:00
parent 69f9e8464f
commit 156cce5362
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
4 changed files with 4 additions and 5 deletions

View File

@ -25,8 +25,7 @@ profile dbus-accessibility @{exec_path} flags=(attach_disconnected) {
signal (receive) set=(term hup kill) peer=dbus-session, signal (receive) set=(term hup kill) peer=dbus-session,
signal (receive) set=(term hup kill) peer=gdm{,-session-worker}, signal (receive) set=(term hup kill) peer=gdm{,-session-worker},
dbus bus=accessibility, #aa:dbus own bus=accessibility name=org.freedesktop.DBus
#aa:dbus own bus=session name=org.a11y.{B,b}us #aa:dbus own bus=session name=org.a11y.{B,b}us
dbus receive bus=session dbus receive bus=session

View File

@ -29,7 +29,7 @@ profile dbus-session flags=(attach_disconnected) {
signal (send) set=(term hup kill) peer=dconf-service, signal (send) set=(term hup kill) peer=dconf-service,
signal (send) set=(term hup kill) peer=xdg-*, signal (send) set=(term hup kill) peer=xdg-*,
dbus bus=session, #aa:dbus own bus=session name=org.freedesktop.DBus
@{exec_path} mrix, @{exec_path} mrix,

View File

@ -32,7 +32,7 @@ profile dbus-system flags=(attach_disconnected) {
ptrace (read) peer=@{p_systemd}, ptrace (read) peer=@{p_systemd},
dbus bus=system, #aa:dbus own bus=system name=org.freedesktop.DBus
@{exec_path} mrix, @{exec_path} mrix,

View File

@ -120,7 +120,7 @@
@{dynamic}+=38[4-9] 39[0-9] 4[0-9][0-9] 50[0-9] 51[0-1] # range 384 to 511 @{dynamic}+=38[4-9] 39[0-9] 4[0-9][0-9] 50[0-9] 51[0-1] # range 384 to 511
# Dbus unique name # Dbus unique name
@{busname}=:1.@{u16} @{busname}=:1.@{u16} :not.active.yet
# Common architecture names # Common architecture names
@{arch}=x86_64 amd64 i386 i686 @{arch}=x86_64 amd64 i386 i686