mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-06 09:21:00 +01:00
38aae1d1f0
Move the file rule from the existing permissive system bus abstraction into a new strict system bus abstraction. The strict abstraction only allows for calling the Hello, AddMatch, RemoveMatch, GetNameOwner, NameHasOwner, and StartServiceByName methods that are exported by the D-Bus daemon. The permissive abstraction reuses the strict abstraction and then allows all communications on the system bus. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com>
16 lines
593 B
Text
16 lines
593 B
Text
# vim:syntax=apparmor
|
|
# ------------------------------------------------------------------
|
|
#
|
|
# Copyright (C) 2009-2013 Canonical Ltd.
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of version 2 of the GNU General Public
|
|
# License published by the Free Software Foundation.
|
|
#
|
|
# ------------------------------------------------------------------
|
|
|
|
# This abstraction grants full system bus access. Consider using the
|
|
# dbus-strict abstraction for fine-grained bus mediation.
|
|
|
|
#include <abstractions/dbus-strict>
|
|
dbus bus=system,
|