mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-19 01:18:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(profile): ensure at bus start in the same profile.

Browse source
This commit is contained in:
Alexandre Pujol 2024-03-11 22:36:14 +00:00
parent 2acd7d8a10
commit a3f91f4224
Failed to generate hash of commit
1 changed files with 12 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
apparmor.d/groups/freedesktop/at-spi-bus-launcher → apparmor.d/groups/freedesktop/at-spi-bus
View file

@ -8,13 +8,12 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = @{lib}/{,at-spi2{,-core}/}at-spi-bus-launcher @{exec_path} = @{lib}/{,at-spi2{,-core}/}at-spi-bus-launcher
profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) { profile at-spi-bus @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/dbus-accessibility> include <abstractions/bus-accessibility>
include <abstractions/dbus-session> include <abstractions/bus-session>
include <abstractions/dconf-write> include <abstractions/dconf-write>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/X-strict>
network inet stream, # TODO: local only network inet stream, # TODO: local only
network inet6 stream, network inet6 stream,
@ -23,15 +22,16 @@ profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) {
network netlink raw, network netlink raw,
signal (receive) set=(term hup kill) peer=dbus-daemon, signal (receive) set=(term hup kill) peer=dbus-daemon,
signal (receive) set=(term hup kill) peer=gdm*,
signal (receive) set=(term hup kill) peer=gnome-session-binary, dbus bus=accessibility,
dbus bus=session,
@{exec_path} mr, @{exec_path} mr,
@{bin}/dbus-broker-launch rix, @{bin}/dbus-broker-launch rix,
@{bin}/dbus-daemon rix, @{bin}/dbus-daemon rix,
@{bin}/dbus-broker rix, @{bin}/dbus-broker rix,
@{lib}/at-spi2-registryd rPx, @{lib}/{,at-spi2{,-core}/}at-spi2-registryd rix,
/usr/share/dbus-1/accessibility-services/ r, /usr/share/dbus-1/accessibility-services/ r,
/usr/share/dbus-1/accessibility-services/org.a11y.atspi.Registry.service r, /usr/share/dbus-1/accessibility-services/org.a11y.atspi.Registry.service r,
@ -45,10 +45,7 @@ profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) {
/var/lib/lightdm/.Xauthority r, /var/lib/lightdm/.Xauthority r,
/var/log/lightdm/seat@{int}-greeter.log w, /var/log/lightdm/seat@{int}-greeter.log w,
@{run}/systemd/users/@{uid} r, @{run}/systemd/users/@{uid} r,
owner @{run}/user/@{uid}/at-spi/ rw,
owner @{run}/user/@{uid}/at-spi/bus rw,
owner @{run}/user/@{uid}/at-spi/bus_@{int} rw,
@{sys}/kernel/security/apparmor/.access rw, @{sys}/kernel/security/apparmor/.access rw,
@{sys}/kernel/security/apparmor/features/dbus/mask r, @{sys}/kernel/security/apparmor/features/dbus/mask r,
@ -64,5 +61,5 @@ profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) {
owner /dev/tty@{int} rw, owner /dev/tty@{int} rw,
include if exists <local/at-spi-bus-launcher> include if exists <local/at-spi-bus>
} }