mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge aa-notify: rename polkit files and template info from com.ubuntu

Browse source 
We should be using apparmor controlled domains for these files.

Rename the template file from
  com.ubuntu.pkexec.aa-notify.policy
to
  net.apparmor.pkexec.aa-notify.policy

And update the template file and the install file so that the files
that are generated use net.apparmor instead of com.ubuntu

Signed-off-by: John Johansen <john.johansen@canonical.com>

Closes #486
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1541
Approved-by: Ryan Lee <rlee287@yahoo.com>
Merged-by: John Johansen <john@jjmx.net>
This commit is contained in:
John Johansen 2025-02-15 01:23:40 +00:00
commit e085a23b40
2 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
utils/com.ubuntu.pkexec.aa-notify.policy → utils/net.apparmor.pkexec.aa-notify.policy
View file

@ -4,7 +4,7 @@
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"> "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig> <policyconfig>
<action id="com.ubuntu.pkexec.aa-notify.modify_profile"> <action id="net.apparmor.pkexec.aa-notify.modify_profile">
<description>AppArmor: modifying security profile</description> <description>AppArmor: modifying security profile</description>
<message>To modify an AppArmor security profile, you need to authenticate.</message> <message>To modify an AppArmor security profile, you need to authenticate.</message>
<defaults> <defaults>
@ -15,7 +15,7 @@
<annotate key="org.freedesktop.policykit.exec.path">{LIB_PATH}apparmor/update_profile.py</annotate> <annotate key="org.freedesktop.policykit.exec.path">{LIB_PATH}apparmor/update_profile.py</annotate>
<annotate key="org.freedesktop.policykit.exec.argv1">add_rule</annotate> <annotate key="org.freedesktop.policykit.exec.argv1">add_rule</annotate>
</action> </action>
<action id="com.ubuntu.pkexec.aa-notify.create_userns"> <action id="net.apparmor.pkexec.aa-notify.create_userns">
<description>AppArmor: adding userns profile</description> <description>AppArmor: adding userns profile</description>
<message>To allow a program to use unprivileged user namespaces, you need to authenticate.</message> <message>To allow a program to use unprivileged user namespaces, you need to authenticate.</message>
<defaults> <defaults>
@ -26,7 +26,7 @@
<annotate key="org.freedesktop.policykit.exec.path">{LIB_PATH}apparmor/update_profile.py</annotate> <annotate key="org.freedesktop.policykit.exec.path">{LIB_PATH}apparmor/update_profile.py</annotate>
<annotate key="org.freedesktop.policykit.exec.argv1">create_userns</annotate> <annotate key="org.freedesktop.policykit.exec.argv1">create_userns</annotate>
</action> </action>
<action id="com.ubuntu.pkexec.aa-notify.from_file"> <action id="net.apparmor.pkexec.aa-notify.from_file">
<description>AppArmor: Modifying profile from file</description> <description>AppArmor: Modifying profile from file</description>
<message>To modify an AppArmor security profile from file, you need to authenticate.</message> <message>To modify an AppArmor security profile from file, you need to authenticate.</message>
<defaults> <defaults>

2
utils/python-tools-setup.py
View file

@ -68,7 +68,7 @@ class Install(_install):
print('changing mode of {} to 755'.format(update_profile_path)) print('changing mode of {} to 755'.format(update_profile_path))
os.chmod(update_profile_path, 0o755) os.chmod(update_profile_path, 0o755)
pkexec_action_name = 'com.ubuntu.pkexec.aa-notify.policy' pkexec_action_name = 'net.apparmor.pkexec.aa-notify.policy'
print('Installing {} to /usr/share/polkit-1/actions/ mode 644'.format(pkexec_action_name)) print('Installing {} to /usr/share/polkit-1/actions/ mode 644'.format(pkexec_action_name))
with open(pkexec_action_name, 'r') as f: with open(pkexec_action_name, 'r') as f:
polkit_template = f.read() polkit_template = f.read()