mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-12-24 14:06:47 +01:00
feat(profile): use new dbus profile in dbus label.
This commit is contained in:
parent
61e2cb55ac
commit
c6717d2bab
32 changed files with 44 additions and 44 deletions
|
@ -5,12 +5,12 @@
|
|||
dbus send bus=accessibility path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
|
||||
peer=(name=org.freedesktop.DBus, label="{dbus-daemon,at-spi-bus-launcher}"),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-accessibility),
|
||||
|
||||
dbus send bus=accessibility path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label="{dbus-daemon,at-spi-bus-launcher}"),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-accessibility),
|
||||
|
||||
owner @{run}/user/@{uid}/at-spi/ rw,
|
||||
owner @{run}/user/@{uid}/at-spi/bus rw,
|
||||
|
|
|
@ -9,12 +9,12 @@
|
|||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-session),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-session),
|
||||
|
||||
/etc/machine-id r,
|
||||
/var/lib/dbus/machine-id r,
|
||||
|
|
|
@ -5,12 +5,12 @@
|
|||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-system),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-system),
|
||||
|
||||
@{run}/dbus/system_bus_socket rw,
|
||||
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
dbus send bus=session path=/org/a11y/bus
|
||||
interface=org.a11y.Bus
|
||||
member=GetAddress
|
||||
peer=(name=org.a11y.Bus, label="{at-spi-bus-launcher,dbus-daemon}"),
|
||||
peer=(name=org.a11y.Bus, label=dbus-accessibility),
|
||||
|
||||
dbus send bus=session path=/org/a11y/bus
|
||||
interface=org.a11y.Bus
|
||||
|
|
|
@ -125,7 +125,7 @@ profile systemd flags=(attach_disconnected,mediate_deleted) {
|
|||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=GetConnectionUnixUser
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-system),
|
||||
|
||||
@{bin}/systemctl rix,
|
||||
@{bin}/mount rix,
|
||||
|
|
|
@ -43,7 +43,7 @@ profile apt @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=system path=/org/freedesktop/DBus/Bus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixProcessID,GetConnectionUnixUser}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-system),
|
||||
|
||||
dbus send bus=system
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
|
|
|
@ -28,7 +28,7 @@ profile accounts-daemon @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-system),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@ profile colord @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-system),
|
||||
|
||||
@{exec_path} mrix,
|
||||
|
||||
|
|
|
@ -13,8 +13,8 @@ profile dconf-service @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/bus-session>
|
||||
include <abstractions/dconf-write>
|
||||
|
||||
signal (receive) set=(term kill hup) peer=dbus-daemon,
|
||||
signal (receive) set=(term hup) peer=gdm*,
|
||||
signal (receive) set=(term kill hup) peer=dbus-session,
|
||||
signal (receive) set=(term hup) peer=gdm,
|
||||
|
||||
# dbus: own bus=session name=ca.desrt.dconf
|
||||
|
||||
|
|
|
@ -29,7 +29,7 @@ profile geoclue @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-system),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
@ -28,7 +28,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-session),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
|
|
|
@ -26,7 +26,7 @@ profile pipewire-media-session @{exec_path} {
|
|||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=GetConnectionUnixProcessID
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-session),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
|
|
|
@ -26,7 +26,7 @@ profile polkitd @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixProcessID,GetConnectionUnixUser,GetConnectionCredentials}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-system),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
@ -49,7 +49,7 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-session),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
|
|
|
@ -38,7 +38,7 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixProcessID,GetConnectionUnixUser}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-system),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
@ -37,14 +37,14 @@ profile gnome-extension-ding @{exec_path} {
|
|||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-session),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus*
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-session),
|
||||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus*
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-system),
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/metadata
|
||||
interface=org.gtk.vfs.Metadata
|
||||
|
|
|
@ -40,7 +40,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID,UpdateActivationEnvironment}
|
||||
peer=(name=org.freedesktop.DBus label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus label=dbus-session),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login1
|
||||
interface=org.freedesktop.login1.Manager
|
||||
|
|
|
@ -144,22 +144,22 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
|||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID,GetNameOwner,ListNames}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-system),
|
||||
|
||||
## Session bus
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID,GetNameOwner,ListNames}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-session),
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-session),
|
||||
dbus send bus=session path=/
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixProcessID,GetNameOwner,ListNames}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-session),
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.a11y.atspi.Socket
|
||||
|
@ -202,7 +202,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
|||
dbus send bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-session),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
@ -65,7 +65,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=session path=/
|
||||
interface=org.freedesktop.DBus
|
||||
member=ListNames
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-session),
|
||||
|
||||
dbus send bus=session path=/org/gnome/SettingsDaemon/Power
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
|
|
|
@ -41,7 +41,7 @@ profile gsd-xsettings @{exec_path} {
|
|||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=GetId
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-session),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
@ -52,7 +52,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member={GetAll,ListActivatableNames}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-session),
|
||||
|
||||
dbus send bus=session path=/org/gtk/Notifications
|
||||
interface=org.gtk.Notifications
|
||||
|
@ -67,12 +67,12 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=ListActivatableNames
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-session),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/dbus
|
||||
interface=org.freedesktop.DBus
|
||||
member=NameHasOwner
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-session),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
@ -82,7 +82,7 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-system),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ profile ssh-agent-launch @{exec_path} {
|
|||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=UpdateActivationEnvironment
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-session),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/systemd1
|
||||
interface=org.freedesktop.systemd1.Manager
|
||||
|
|
|
@ -30,7 +30,7 @@ profile busctl @{exec_path} {
|
|||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus.Monitoring
|
||||
member=BecomeMonitor
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-system),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@ profile systemd-hostnamed @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=GetConnectionUnixUser
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-system),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
@ -47,7 +47,7 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID,GetConnectionCredentials}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-system),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
@ -34,7 +34,7 @@ profile systemd-resolved @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-system),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
@ -29,7 +29,7 @@ profile engrampa @{exec_path} {
|
|||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=GetId
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-session),
|
||||
|
||||
dbus receive bus=session path=/org/gtk/Application/anonymous
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
|
|
|
@ -38,7 +38,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
|
|||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-system),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/UDisks2/Manager
|
||||
interface=org.freedesktop.UDisks2.Manager
|
||||
|
|
|
@ -42,7 +42,7 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-system),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ profile rtkit-daemon @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-system),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
@ -64,7 +64,7 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
|
|||
dbus send bus=system path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={GetConnectionUnixUser,GetConnectionUnixProcessID}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-system),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
Loading…
Reference in a new issue