mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-06 17:31:01 +01:00

Move some of the file rules from the existing permissive session bus abstraction into a new strict session bus abstraction. Leave the dbus-launch rule in the permissive profile since not all applications will need it.

The strict abstraction only allows for calling the Hello, AddMatch, RemoveMatch, GetNameOwner, NameHasOwner, and StartServiceByName methods that are exported by the D-Bus daemon.

The permissive abstraction reuses the strict abstraction and then allows all communications on the session bus.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-By: Jamie Strandboge <jamie@canonical.com>
17 lines
638 B
Text
# vim:syntax=apparmor
# ------------------------------------------------------------------
#
# Copyright (C) 2011-2013 Canonical Ltd.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# This abstraction grants full session bus access. Consider using the
# dbus-session-strict abstraction for fine-grained bus mediation.

#include <abstractions/dbus-session-strict>
/usr/bin/dbus-launch ix,
dbus bus=session,
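
Added example, not part of the AppArmor repository: two profiles contrasting the permissive abstraction above with the dbus-session-strict abstraction plus explicit rules, as the file's comment recommends. The profile names and binary paths are hypothetical; the notification service is chosen only as an illustration of a single peer an application might need.

```apparmor
# Added example. Profile names and /usr/bin/example-* paths are hypothetical.
#include <tunables/global>

# Permissive: pulls in "dbus bus=session," from abstractions/dbus-session,
# so the confined program may send to and receive from every service on
# the session bus, and may execute dbus-launch.
profile example-permissive /usr/bin/example-permissive {
  #include <abstractions/base>
  #include <abstractions/dbus-session>
}

# Strict: the abstraction only covers connecting to the bus and the
# D-Bus daemon methods named in the commit message (Hello, AddMatch,
# RemoveMatch, GetNameOwner, NameHasOwner, StartServiceByName).
# Everything else must be granted rule by rule.
profile example-strict /usr/bin/example-strict {
  #include <abstractions/base>
  #include <abstractions/dbus-session-strict>

  # Allow exactly one method call to one well-known name.
  dbus (send)
       bus=session
       path=/org/freedesktop/Notifications
       interface=org.freedesktop.Notifications
       member=Notify
       peer=(name=org.freedesktop.Notifications),

  # Allow only the two signals this program listens for.
  dbus (receive)
       bus=session
       path=/org/freedesktop/Notifications
       interface=org.freedesktop.Notifications
       member={NotificationClosed,ActionInvoked},

  # No dbus-launch rule: it stays in the permissive abstraction because
  # not every application needs to start its own bus.
}
```

With the strict profile loaded, any other session bus message from the program is denied and logged as an AppArmor DBus denial, which shows which additional rules, if any, the application really needs.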