mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

abstractions: dbus session improvement.

Browse source 
- Add full access to unix stream over /tmp/dbus-*
- Add at-spi dbus support

From: https://github.com/roddhjav/apparmor.d
This commit is contained in:
Alexandre Pujol 2023-03-25 13:04:44 +00:00
parent a8d392a204
commit 745b176926
Failed to generate hash of commit
1 changed files with 9 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
profiles/apparmor.d/abstractions/dbus-session-strict
View file

@ -15,9 +15,10 @@
/etc/machine-id r,
/var/lib/dbus/machine-id r,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/dbus-*"),
unix (connect, receive, send, accept) type=stream peer=(addr="@/tmp/dbus-*"),
unix (connect, send, receive, accept) type=stream addr="@/tmp/dbus-*",
unix (bind, listen) type=stream addr="@/tmp/dbus-*",
# dbus with systemd and --enable-user-session
owner @{run}/user/[0-9]*/bus rw,
@ -29,5 +30,10 @@
member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
peer=(name=org.freedesktop.DBus),
owner @{run}/user/@{uid}/at-spi/ rw,
owner @{run}/user/@{uid}/at-spi/bus{,_[0-9]*} rw,
owner /tmp/dbus-[0-9a-zA-Z]* rw,
# Include additions to the abstraction
include if exists <abstractions/dbus-session-strict.d>