Create a new strict accessibility bus abstraction.
The strict abstraction only allows for calling the Hello, AddMatch,
RemoveMatch, GetNameOwner, NameHasOwner, and StartServiceByName methods
that are exported by the D-Bus daemon.
The permissive abstraction reuses the strict abstraction and then allows
all communications on the accessibility bus.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Move some of the file rules from the existing permissive session bus
abstraction into a new strict session bus abstraction. Leave the
dbus-launch rule in the permissive profile since not all applications
will need it.
The strict abstraction only allows for calling the Hello, AddMatch,
RemoveMatch, GetNameOwner, NameHasOwner, and StartServiceByName methods
that are exported by the D-Bus daemon.
The permissive abstraction reuses the strict abstraction and then allows
all communications on the session bus.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-By: Jamie Strandboge <jamie@canonical.com>
Move the file rule from the existing permissive system bus abstraction
into a new strict system bus abstraction.
The strict abstraction only allows for calling the Hello, AddMatch,
RemoveMatch, GetNameOwner, NameHasOwner, and StartServiceByName methods
that are exported by the D-Bus daemon.
The permissive abstraction reuses the strict abstraction and then allows
all communications on the system bus.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
The AppArmor kernel now checks for both read and write permissions when
a process calls connect() on a UNIX domain socket.
The patch updates four abstractions that were found to be needing
changes after the change in AF_UNIX kernel mediation.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
The accessibility bus uses an abstract socket, so there hasn't been a
need for an accessibility bus abstraction in the past. Now that D-Bus
mediation is supported, an abstraction becomes a useful place to put
accessibility bus D-Bus rules.
This patch follows the lead of the dbus and dbus-session abstraction by
granting full access to the accessibility bus.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Before D-Bus mediation support was added to AppArmor, the dbus and
dbus-session abstractions granted full access to the system and session
buses, respectively.
In order to continue granting full access to those buses, bus-specific
D-Bus mediation rules need to be added to the abstractions.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
update-ca-certificates (from ca-certificates-1_201310161709-1.1.noarch)
stores certs in this directory now.
References: https://bugzilla.novell.com/show_bug.cgi?id=852018
Acked-by: Seth Arnold <seth.arnold@canonical.com>
dnsmasq needs read access to more files in /var/lib/libvirt/dnsmasq/
(at least *.conf and *.addnhosts)
Since this directory contains only files that are intended for dnsmasq
(also confirmed by Jim Fehlig, the SUSE libvirt maintainer), the best
way is to just allow "/var/lib/libvirt/dnsmasq/* r,"
References: https://bugzilla.novell.com/show_bug.cgi?id=848215
+1'd for trunk and 2.8 by Jamie Strandboge <jamie@canonical.com>
$HOME/.config/fontconfig/conf.d/* and
$HOME/.config/fontconfig/fonts.conf
/etc/fonts/conf.d/50-user.conf:
<!--
Load per-user customization files where stored on XDG Base Directory
specification compliant places. it should be usually:
$HOME/.config/fontconfig/conf.d
$HOME/.config/fontconfig/fonts.conf
-->
<include ignore_missing="yes" prefix="xdg">fontconfig/conf.d</include>
<include ignore_missing="yes" prefix="xdg">fontconfig/fonts.conf</include>
abstractions/fonts should allow read access to those files:
From: Felix Geyer debfx@ubuntu.com
Acked-by: John Johansen <john.johansen@canonical.com>
From: Kshitij Gupta <kgupta8592@gmail.com>
This patch removes:-
2 rules covered by abstractions in smbd profile:
- /var/log/samba/cores/smbd/ rw and /var/log/samba/cores/smbd/** rw
are in abstractions/samba covered by /var/log/samba/cores/** rw
1 superfluous rule:
- /var/lib/samba/printers/** rw is covered by /var/lib/samba/** rwk
Acked-by: Steve Beattie <steve@nxnw.org>
An abstraction to grant the ability to query dconf settings. It does
not grant the ability to update or add settings, due to our current
inability to restrict where within the dconf hierarchy updates
can occur.
From: intrigeri <intrigeri@boum.org>
Acked-by: Steve Beattie <steve@nxnw.org>
From: Kshitij Gupta <kgupta8592@gmail.com>
This patch removes rules covered by abstractions in nscd profile:
- the network rules are in abstractions/nameservice
- @{PROC}/filesystems is in abstractions/base
- /{,var/}run/avahi-daemon/socket is in abstractions/nameservice
- /tmp/.winbindd/pipe and /var/lib/samba/winbindd_privileged/pipe are
in abstractions/winbind via abstractions/nameservice
Acked-by: Steve Beattie <steve@nxnw.org>
covered by abstractions:
- the network rules are in abstractions/nameservice
- /etc/gai.conf is also in abstractions/nameservice
- @{PROC}/sys/kernel/ngroups_max is in abstractions/base
Acked-by: Steve Beattie <steve@nxnw.org>
Patch-Author: Stefan Seyfried <seife+obs@b1-systems.com>
After this change in ntp:
* Mo Aug 19 2013 crrodriguez@opensuse.org
- Build with -DOPENSSL_LOAD_CONF , ntp must respect and use
the system's openssl configuration.
we need to read openssl.cnf or starting of ntpd will fail silently(!)
Patch v2 by Christian Boltz: use abstractions/openssl instead of
allowing /etc/ssl/openssl.cnf directly
Acked-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
When dnsmasq is started with the --enable-dbus option, it uses the
system bus.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Steve Beattie <sbeattie@ubuntu.com>
Debian sid's fonts-mathjax ships fonts in
/usr/share/javascript/mathjax/fonts, that are now used by default by
fontconfig-enabled software.
Acked-by: Seth Arnold <seth.arnold@canonical.com>
At least on Debian, with recent versions of fontconfig-config
(>= 2.10), files in /etc/fonts/conf.d/ are symlinks pointing to
/usr/share/fontconfig/.
This was reported by Jakub Wilk <jwilk@debian.org> on Debian bug #714843.
Acked-by: Seth Arnold <seth.arnold@canonical.com>
abstractions/ubuntu-browsers.d/ubuntu-integration.
Patch by Felix Geyer <debfx@ubuntu.com>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
abstractions/mysql contains
/var/lib/mysql/mysql.sock rw,
/usr/share/mysql/charsets/ r,
/usr/share/mysql/charsets/*.xml r,
but the files moved (at least on openSUSE) to
/usr/share/mysql-community-server/charsets/*.xml
/var/run/mysql/mysql.sock
This causes denials for all applications using MySQL on 12.2 and
Factory.
MariaDB has the *.xml files in
/usr/share/mariadb/charsets/*.xml
and also seems to use /var/run/mysql/ for the socket.
Since MariaDB is basically a drop-in replacement for MySQL, it makes
sense to allow access to it via abstractions/mysql.
References: https://bugzilla.novell.com/show_bug.cgi?id=798183
Acked-by: Seth Arnold <seth.arnold@canonical.com>
I was testing out a profile for pulseaudio and hit an issue where my
pulseaudio process was getting the firefox profile applied to it. This
is because in abstractions/ubuntu-browsers.d/multimedia the rule for
pulseaudio is /usr/bin/pulseaudio ixr; attached is a patch to change it
to Pixr, so as to use a global pulseaudio policy if it exists.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>
From: Simon Deziel <simon.deziel@gmail.com>
A fair number of the rules that apply to files in @{HOME} predate the
existence of the 'owner' qualifier. This patch adds the 'owner'
qualifier in several places.
Acked-by: Steve Beattie <sbeattie@ubuntu.com>
target in the profiles Makefile, for future archaeological spelunking.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
This patch adds the kernelvars tunable to the global set that is usually
included by default in apparmor policies. It then converts the rules
that are intended to match /proc/pid to use this tunable.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Seth Arnold <seth.arnold@canonical.com>
This patch finishes the conversion from /proc to the @{PROC}
tunable within profiles and abstractions. It also adjusts some of
the /proc/*/something usages to @{PROC}/[0-9]*/something to restrict
things to just the /proc/pid directories. (A followup patch will
convert these to use @{pid} from the kernelvars tunable.)
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Jamie Strandboge <jamie@canonical.com>
In testing the skype profile, I found access to my @{HOME}/.XCompose
was being rejected. This patch updates the X abstraction to take a
user's defined XCompose key shortcuts into account.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Jamie Strandboge <jamie@canonical.com>
Author: Jamie Strandboge <jamie@canonical.com>
Bug-Ubuntu: https://launchpad.net/bugs/933440 Forwarded: yes
This is a very slightly updated version of the skype profile
update that Jamie Strandboge submitted, but did not get a review.
The only addition over the previously submitted version is rw access
to @{HOME}/.config/Skype/Skype.conf.
(This commit incorporates the additional @{HOME}/.kde4 change proposed
by Christian Boltz <apparmor@cboltz.de>)
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Jamie Strandboge <jamie@canonical.com>
The apparmor_api abstractions make the mistake of including tunables
directly, which is a no-no since the variable definitions in tunables
need to occur in the preamble of a profile, not embedded within it.
This patch removes those includes, and replaces them documentation of
tunables are necessary, as some of the expected ones are not part of
tunables/global.
It also adjust the kernelvars tunable's definition of the @{pid}
regex, as the current parser does not support nesting of {} groupings,
which breaks any profile that attempts to use the tunable.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Seth Arnold <seth.arnold@canonical.com>
This patch modifies the nvidia abstraction to add the livdpau wrapper
config file for nvidia workarounds. It also converts the /proc/
rules to use the @{PROC} tunable. And finally, it converts the
ubuntu-browsers.d/multimedia abstraction to use the nvidia abstraction.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Jamie Strandboge <jamie@canonical.com>
This patch separates out make check in the profiles/ directory into
two sub targets, for checking profiles against the built parser
and aa-logprof respectively. The logprof check currently makes some
assumptions about the environment that make it difficult to run in
a minimal chroot environment.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Jamie Strandboge <jamie@canonical.com>
When I corrected the profiles/Makefile to automatically find files to
install, I converted one variable name but missed a later location where
that variable was used, which broke the 'make check' target, because
directories would be handed to the apparmor parser. This patch corrects
that and also makes the VERBOSE flag report each profile name as it's
being handed to the parser.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Jamie Strandboge <jamie@canonical.com>
Acked-By: Seth Arnold <seth.arnold@canonical.com>
