felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): add some core dbus rules.

Browse source
This commit is contained in:
Alexandre Pujol 2022-06-12 23:50:58 +01:00
parent 24056c8cd1
commit 50a18aac08
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
36 changed files with 343 additions and 108 deletions
Download patch file Download diff file Expand all files Collapse all files

30
apparmor.d/groups/network/ModemManager
View file

@ -14,6 +14,34 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) {
network netlink raw,
dbus send bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
interface=org.freedesktop.DBus.Properties
member=GetAll,
dbus send bus=system path=/org/freedesktop/login[0-9]
interface=org.freedesktop.login[0-9].Manager
member=Inhibit,
dbus send bus=system path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member={RequestName,ReleaseName}
peer=(name=org.freedesktop.DBus),
dbus receive bus=system path=/org/freedesktop/ModemManager[0-9]
interface=org.freedesktop.DBus.ObjectManager
member=GetManagedObjects,
dbus receive bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
interface=org.freedesktop.PolicyKit[0-9].Authority
member=Changed,
dbus receive bus=system path=/org/freedesktop/login[0-9]
interface=org.freedesktop.login[0-9].Manager
member={UserNew,SessionNew},
dbus bind bus=system
name=org.freedesktop.ModemManager[0-9],
@{exec_path} mr,
@{run}/udev/data/+pci:* r,
@ -22,6 +50,8 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/c5:[0-9]* r, # for /dev/tty, /dev/console, /dev/ptmx
@{run}/udev/data/n[0-9]* r,
@{run}/systemd/inhibit/*.ref rw,
@{sys}/bus/ r,
@{sys}/class/ r,
@{sys}/class/net/ r,

17
apparmor.d/groups/network/NetworkManager
View file

@ -40,7 +40,15 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
dbus (send,receive) bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority
interface=org.freedesktop.PolicyKit[0-9].Authority
member={Changed,CheckAuthorization},
member={Changed,CheckAuthorization,CancelCheckAuthorization},
dbus (send,receive) bus=system path=/org/freedesktop/login[0-9]
interface=org.freedesktop.login[0-9].Manager
member={SessionRemoved,UserNew,SessionNew,Inhibit,PrepareForShutdown},
dbus send bus=system path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member={RequestName,GetConnectionUnixUser,GetConnectionUnixProcessID},
dbus send bus=system path=/org/freedesktop
interface=org.freedesktop.DBus.ObjectManager
@ -57,7 +65,8 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
dbus send bus=system path=/org/freedesktop/resolve[0-9]
interface=org.freedesktop.resolve[0-9].Manager
member=SetLink*,
member={SetLink*,ResolveHostname},
# org.freedesktop.resolve1
dbus send bus=system path=/org/freedesktop/hostname[0-9]
interface=org.freedesktop.DBus.Properties
@ -71,10 +80,6 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
interface=org.freedesktop.DBus.ObjectManager
member=GetManagedObjects,
dbus receive bus=system path=/org/freedesktop/login[0-9]
interface=org.freedesktop.login[0-9].Manager
member={SessionRemoved,UserNew,SessionNew,Inhibit},
dbus bind bus=system
name=org.freedesktop.NetworkManager,