felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): add some core dbus rules.

Browse source
This commit is contained in:
Alexandre Pujol 2022-06-12 23:50:58 +01:00
parent 24056c8cd1
commit 50a18aac08
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
36 changed files with 343 additions and 108 deletions
Download patch file Download diff file Expand all files Collapse all files

24
apparmor.d/groups/systemd/systemd-logind
View file

@ -27,14 +27,14 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {
dbus (send,receive) bus=system path=/org/freedesktop/login[0-9]{,/**}
interface=org.freedesktop.{DBus.Properties,DBus.Introspectable,login[0-9].*},
dbus (send,receive) bus=system path=/org/freedesktop/systemd[0-9]/job/**
dbus (send,receive) bus=system path=/org/freedesktop/systemd[0-9]
interface=org.freedesktop.systemd[0-9].Manager
member={StartUnit,StartTransientUnit,Subscribe,JobRemoved,UnitRemoved,Reloading,Subscribe},
dbus (send,receive) bus=system path=/org/freedesktop/systemd[0-9]/{unit,job}/**
interface=org.freedesktop.DBus.Properties
member={Get,PropertiesChanged},
dbus (send,receive) bus=system path=/org/freedesktop/systemd[0-9]/unit/**
interface=org.freedesktop.DBus.Properties
member={PropertiesChanged,Get},
dbus send bus=system path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member={GetConnectionCredentials,GetConnectionUnixProcessID,GetConnectionUnixUser,RequestName},
@ -47,10 +47,6 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {
interface=org.freedesktop.systemd[0-9].Scope
member=Abandon,
dbus receive bus=system path=/org/freedesktop/systemd[0-9]
interface=org.freedesktop.systemd[0-9].Manager
member={StartUnit,StartTransientUnit,Subscribe,JobRemoved,UnitRemoved,Reloading},
dbus receive bus=system path=/org/freedesktop/systemd[0-9]
interface=org.freedesktop.DBus.Properties
member=PropertiesChanged,
@ -68,8 +64,9 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {
/var/lib/systemd/linger/ r,
@{run}/.#nologin* rw,
@{run}/host/container-manager r,
@{run}/nologin rw,
@{run}/utmp rk,
@{run}/udev/tags/master-of-seat/ r,
@ -96,18 +93,19 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {
@{run}/systemd/inhibit/ rw,
@{run}/systemd/inhibit/.#* rw,
@{run}/systemd/inhibit/[0-9]*{,.ref} rw,
@{run}/systemd/journal/socket rw,
@{run}/systemd/notify rw,
@{run}/systemd/seats/ rw,
@{run}/systemd/seats/.#seat* rw,
@{run}/systemd/seats/seat[0-9]* rw,
@{run}/systemd/sessions/{,*} rw,
@{run}/systemd/sessions/*.ref rw,
@{run}/systemd/shutdown/.#scheduled* rw,
@{run}/systemd/shutdown/scheduled rw,
@{run}/systemd/users/ rw,
@{run}/systemd/users/.#* rw,
@{run}/systemd/users/@{uid} rw,
@{run}/systemd/journal/socket rw,
@{run}/systemd/notify rw,
@{sys}/class/drm/ r,
@{sys}/devices/**/{uevent,enabled,status} r,
@{sys}/devices/**/brightness rw,