mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-21 09:25:35 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(profiles): add some missing dbus rules.

Browse source
This commit is contained in:
Alexandre Pujol 2022-06-13 21:41:48 +01:00
parent 6898bac12f
commit 7b0ef88358
Failed to generate hash of commit
10 changed files with 79 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
apparmor.d/groups/apt/apt
View file

@ -29,6 +29,21 @@ profile apt @{exec_path} flags=(attach_disconnected) {
signal (send) peer=apt-methods-*, signal (send) peer=apt-methods-*,
dbus send bus=system path=/org/freedesktop/PackageKit
interface=org.freedesktop.DBus.Introspectable
member=Introspect
peer=(name=org.freedesktop.PackageKit),
dbus send bus=system path=/org/freedesktop/PackageKit
interface=org.freedesktop.PackageKit
member=StateHasChanged
peer=(name=org.freedesktop.PackageKit),
dbus send bus=system path=/org/freedesktop/login[0-9]
interface=org.freedesktop.login[0-9].Manager
member=Inhibit
peer=(name=org.freedesktop.login[0-9]),
@{exec_path} mr, @{exec_path} mr,
/{usr/,}bin/{,ba,da}sh rix, /{usr/,}bin/{,ba,da}sh rix,

12
apparmor.d/groups/apt/unattended-upgrade
View file

@ -27,6 +27,18 @@ profile unattended-upgrade @{exec_path} flags=(attach_disconnected) {
network netlink raw, network netlink raw,
dbus send bus=system path=/org/freedesktop/login[0-9]
interface=org.freedesktop.login[0-9].Manager
member=Inhibit,
dbus receive bus=system path=/org/freedesktop/NetworkManager
interface=org.freedesktop.DBus.Properties
member=PropertiesChanged,
dbus receive bus=system path=/org/freedesktop/NetworkManager
interface=org.freedesktop.NetworkManager
member=StateChanged,
@{exec_path} mr, @{exec_path} mr,
/{usr/,}bin/ r, /{usr/,}bin/ r,

16
apparmor.d/groups/apt/unattended-upgrade-shutdown
View file

@ -14,6 +14,22 @@ profile unattended-upgrade-shutdown @{exec_path} flags=(attach_disconnected) {
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/python> include <abstractions/python>
dbus send bus=system path=/org/freedesktop/login[0-9]
interface=org.freedesktop.login[0-9].Manager
member=Inhibit,
dbus send bus=system path=/org/freedesktop/login[0-9]
interface=org.freedesktop.DBus.{Introspectable,Properties}
member={Introspect,Get},
dbus send bus=system path=/org/freedesktop/NetworkManager
interface=org.freedesktop.DBus.Properties
member=GetAll,
dbus receive bus=system path=/org/freedesktop/login[0-9]
interface=org.freedesktop.login[0-9].Manager
member=PrepareForShutdown,
@{exec_path} mr, @{exec_path} mr,
/{usr/,}bin/ischroot rix, /{usr/,}bin/ischroot rix,

2
apparmor.d/groups/freedesktop/upowerd
View file

@ -34,7 +34,7 @@ profile upowerd @{exec_path} flags=(attach_disconnected) {
dbus receive bus=system path=/org/freedesktop/login[0-9] dbus receive bus=system path=/org/freedesktop/login[0-9]
interface=org.freedesktop.login[0-9].Manager interface=org.freedesktop.login[0-9].Manager
member=SessionNew, member={SessionNew,PrepareForShutdown},
dbus bind bus=system dbus bind bus=system
name=org.freedesktop.UPower, name=org.freedesktop.UPower,

12
apparmor.d/groups/gnome/gnome-shell
View file

@ -56,7 +56,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
interface=org.freedesktop.{DBus.Properties,Accounts*} interface=org.freedesktop.{DBus.Properties,Accounts*}
member={GetAll,FindUserByName,Changed,PropertiesChanged}, member={GetAll,FindUserByName,Changed,PropertiesChanged},
dbus (send,receive) bus=system path=/org/freedesktop/UPower/{,devices/DisplayDevice} dbus (send,receive) bus=system path=/org/freedesktop/UPower{,/devices/DisplayDevice}
interface=org.freedesktop.DBus.Properties interface=org.freedesktop.DBus.Properties
member={GetAll,PropertiesChanged}, member={GetAll,PropertiesChanged},
@ -72,8 +72,16 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
interface=org.freedesktop.DBus interface=org.freedesktop.DBus
member=GetConnectionUnixUser, member=GetConnectionUnixUser,
dbus send bus=system path=/org/freedesktop/PackageKit
interface=org.freedesktop.DBus.Properties
member=GetAll,
dbus send bus=system path=/org/freedesktop/NetworkManager/Settings/[0-9]*
interface=org.freedesktop.NetworkManager.Settings.Connection
member=GetSettings,
dbus send bus=system path=/org/gnome/DisplayManager/Manager dbus send bus=system path=/org/gnome/DisplayManager/Manager
interface=org.gnome.{DBus.Properties,DisplayManager.Manager} interface=org.{freedesktop.DBus.Properties,gnome.DisplayManager.Manager}
member={RegisterSession,Get,GetAll,OpenReauthenticationChannel} member={RegisterSession,Get,GetAll,OpenReauthenticationChannel}
peer=(name=org.gnome.DisplayManager), peer=(name=org.gnome.DisplayManager),

4
apparmor.d/groups/gnome/gsd-media-keys
View file

@ -41,6 +41,10 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
interface=org.freedesktop.DBus.Properties interface=org.freedesktop.DBus.Properties
member=Get, member=Get,
dbus send bus=system path=/org/freedesktop/login[0-9]
interface=org.freedesktop.login[0-9].Manager
member=PowerOff,
dbus receive bus=system path=/org/freedesktop/login[0-9] dbus receive bus=system path=/org/freedesktop/login[0-9]
interface=org.freedesktop.login[0-9].Manager interface=org.freedesktop.login[0-9].Manager
member={SessionNew,SessionRemoved,PrepareForShutdown}, member={SessionNew,SessionRemoved,PrepareForShutdown},

2
apparmor.d/groups/network/ModemManager
View file

@ -37,7 +37,7 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) {
dbus receive bus=system path=/org/freedesktop/login[0-9] dbus receive bus=system path=/org/freedesktop/login[0-9]
interface=org.freedesktop.login[0-9].Manager interface=org.freedesktop.login[0-9].Manager
member={UserNew,SessionNew}, member={UserNew,SessionNew,PrepareForShutdown},
dbus bind bus=system dbus bind bus=system
name=org.freedesktop.ModemManager[0-9], name=org.freedesktop.ModemManager[0-9],

8
apparmor.d/groups/systemd/systemd-oomd
View file

@ -15,6 +15,14 @@ profile systemd-oomd @{exec_path} flags=(attach_disconnected) {
capability dac_override, capability dac_override,
capability kill, capability kill,
dbus send bus=system path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member=RequestName
peer=(name=org.freedesktop.DBus),
dbus bind bus=system
name=org.freedesktop.oom[0-9],
@{exec_path} mr, @{exec_path} mr,
/etc/systemd/oomd.conf r, /etc/systemd/oomd.conf r,

11
apparmor.d/groups/systemd/systemd-resolved
View file

@ -28,6 +28,17 @@ profile systemd-resolved @{exec_path} flags=(attach_disconnected) {
network inet6 stream, network inet6 stream,
network netlink raw, network netlink raw,
dbus send bus=system path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member={RequestName,GetConnectionUnixUser}
peer=(name=org.freedesktop.DBus),
dbus receive bus=system path=/org/freedesktop/resolve[0-9]
interface=org.freedesktop.resolve[0-9].Manager,
dbus bind bus=system
name=org.freedesktop.resolve[0-9],
@{exec_path} mr, @{exec_path} mr,
/etc/systemd/resolved.conf r, /etc/systemd/resolved.conf r,

2
apparmor.d/groups/ubuntu/packagekitd
View file

@ -46,7 +46,7 @@ profile packagekitd @{exec_path} {
dbus receive bus=system path=/org/freedesktop/login[0-9] dbus receive bus=system path=/org/freedesktop/login[0-9]
interface=org.freedesktop.login[0-9].Manager interface=org.freedesktop.login[0-9].Manager
member=SessionNew, member={SessionNew,PrepareForShutdown},
dbus bind bus=system dbus bind bus=system
name=org.freedesktop.PackageKit, name=org.freedesktop.PackageKit,