mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-08 18:31:03 +01:00
46685a5637
Move some of the file rules from the existing permissive session bus abstraction into a new strict session bus abstraction. Leave the dbus-launch rule in the permissive profile since not all applications will need it. The strict abstraction only allows for calling the Hello, AddMatch, RemoveMatch, GetNameOwner, NameHasOwner, and StartServiceByName methods that are exported by the D-Bus daemon. The permissive abstraction reuses the strict abstraction and then allows all communications on the session bus. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com> Acked-By: Jamie Strandboge <jamie@canonical.com>
21 lines
722 B
Text
21 lines
722 B
Text
# vim:syntax=apparmor
|
|
# ------------------------------------------------------------------
|
|
#
|
|
# Copyright (C) 2011-2013 Canonical Ltd.
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of version 2 of the GNU General Public
|
|
# License published by the Free Software Foundation.
|
|
#
|
|
# ------------------------------------------------------------------
|
|
|
|
# unique per-machine identifier
|
|
/etc/machine-id r,
|
|
/var/lib/dbus/machine-id r,
|
|
|
|
dbus send
|
|
bus=session
|
|
path=/org/freedesktop/DBus
|
|
interface=org.freedesktop.DBus
|
|
member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
|
|
peer=(name=org.freedesktop.DBus),
|