feat(profiles): improve dbus related rules.

2023-08-27 14:46:49 +01:00 · 2023-08-27 14:46:49 +01:00 · 19331acaa9
commit 19331acaa9
parent 2db6b12a9b
12 changed files with 70 additions and 29 deletions
--- a/apparmor.d/groups/systemd/systemd-logind
+++ b/apparmor.d/groups/systemd/systemd-logind
@ -26,14 +26,14 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {

  network netlink raw,

-  dbus (send,receive) bus=system path=/org/freedesktop/login[0-9]{,/**}
+  dbus (send,receive) bus=system path=/org/freedesktop/login1{,/**}
       interface=org.freedesktop.{DBus.Properties,DBus.Introspectable,login[0-9].*},

-  dbus (send,receive) bus=system path=/org/freedesktop/systemd[0-9]
+  dbus (send,receive) bus=system path=/org/freedesktop/systemd1
       interface=org.freedesktop.systemd[0-9].Manager
       member={StartUnit,StartTransientUnit,Subscribe,JobRemoved,UnitRemoved,Reloading,Subscribe,StopUnit},

-  dbus (send,receive) bus=system path=/org/freedesktop/systemd[0-9]/{unit,job}/**
+  dbus (send,receive) bus=system path=/org/freedesktop/systemd1/{unit,job}/**
       interface=org.freedesktop.DBus.Properties
       member={Get,PropertiesChanged},

@ -41,15 +41,15 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {
       interface=org.freedesktop.DBus
       member={GetConnectionCredentials,GetConnectionUnixProcessID,GetConnectionUnixUser,RequestName},

-  dbus send bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
+  dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority
       interface=org.freedesktop.PolicyKit[0-9].Authority
       member=CheckAuthorization,

-  dbus send bus=system path=/org/freedesktop/systemd[0-9]/unit/**
+  dbus send bus=system path=/org/freedesktop/systemd1/unit/**
       interface=org.freedesktop.systemd[0-9].Scope
       member=Abandon,

-  dbus receive bus=system path=/org/freedesktop/systemd[0-9]
+  dbus receive bus=system path=/org/freedesktop/systemd1
       interface=org.freedesktop.DBus.Properties
       member=PropertiesChanged,

@ -57,8 +57,7 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {
       interface=org.freedesktop.DBus.Properties
       member=Get,

-  dbus bind bus=system 
-       name=org.freedesktop.login[0-9],
+  dbus bind bus=system name=org.freedesktop.login1,

  @{exec_path} mr,

--- a/apparmor.d/groups/systemd/systemd-timesyncd
+++ b/apparmor.d/groups/systemd/systemd-timesyncd
@ -26,8 +26,7 @@ profile systemd-timesyncd @{exec_path} flags=(attach_disconnected) {
       member={RequestName,ReleaseName}
       peer=(name=org.freedesktop.DBus, label=dbus-daemon),

-  dbus bind bus=system
-       name=org.freedesktop.timesync1,
+  dbus bind bus=system name=org.freedesktop.timesync1,

  @{exec_path} mr,