Ubuntu 22.04, second batch

2022-06-02 19:27:15 +03:00 · 2022-06-02 19:27:15 +03:00 · 599ed6464c
commit 599ed6464c
parent 8deddc8a2c
4 changed files with 128 additions and 6 deletions
--- a/apparmor.d/groups/freedesktop/polkitd
+++ b/apparmor.d/groups/freedesktop/polkitd
@ -16,6 +16,7 @@ profile polkitd @{exec_path} {
  capability setuid,
  capability setgid,
  capability sys_ptrace,
+  capability sys_nice,
  audit deny capability net_admin,

  ptrace (read),
@ -53,9 +54,28 @@ profile polkitd @{exec_path} {
  @{run}/systemd/sessions/* r,
  @{run}/systemd/users/@{uid} r,
  @{run}/systemd/userdb/io.systemd.DynamicUser w,
+  @{run}/systemd/userdb/io.systemd.Machine rw,

  # Silencer
  deny /.cache/ rw,

+  # DBus
+  dbus send
+    bus="system" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="{GetConnectionUnixProcessID,GetConnectionUnixUser,AddMatch,RemoveMatch,Hello,RequestName}" peer=(name="org.freedesktop.DBus"),
+
+  dbus receive
+    bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.DBus.Properties" member="GetAll" peer=(name=":*"),
+
+  dbus send
+    bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.PolicyKit1.Authority" peer=(name="{org.freedesktop.DBus,:*}"),
+
+  dbus receive
+    bus="system" path="/org/freedesktop/PolicyKit1/Authority" interface="org.freedesktop.PolicyKit1.Authority" member="{EnumerateActions,CheckAuthorization,CancelCheckAuthorization,RegisterAuthenticationAgent}" peer=(name=":*"),
+
+  dbus bind
+    bus="system" name="org.freedesktop.PolicyKit1",
+
+  @{run}/dbus/system_bus_socket rw,
+
  include if exists <local/polkitd>
 }