feat(dbus): rewrite some dbus rules (8).

2023-12-05 21:27:03 +00:00 · 2023-12-05 21:27:03 +00:00 · 6a3cc952e1
commit 6a3cc952e1
parent c4b48b06e2
12 changed files with 32 additions and 101 deletions
--- a/apparmor.d/groups/systemd/systemd-machined
+++ b/apparmor.d/groups/systemd/systemd-machined
@ -24,6 +24,14 @@ profile systemd-machined @{exec_path} {
  capability sys_chroot,
  capability sys_ptrace,

+  dbus bind bus=system name=org.freedesktop.machine1,
+  dbus receive bus=system path=/org/freedesktop/machine1{,/**}
+       interface=org.freedesktop.machine1.Manager
+       peer=(name=:*),
+  dbus receive bus=system path=/org/freedesktop/machine1{,/**}
+       interface=org.freedesktop.DBus.Properties
+       peer=(name=:*),
+
  dbus send bus=system path=/org/freedesktop/systemd1/{,{unit,job}/*}
       interface=org.freedesktop.DBus.Properties
       member=Get
@ -44,19 +52,6 @@ profile systemd-machined @{exec_path} {
       member={JobRemoved,UnitRemoved,Reloading}
       peer=(name=:*),

-  dbus receive bus=system path=/org/freedesktop/machine1
-       interface=org.freedesktop.machine1.Manager
-       member={TerminateMachine,GetMachineByPID,CreateMachineWithNetwork}
-       peer=(name=:*, label=libvirtd),
-
-  dbus receive bus=system path=/org/freedesktop/machine1/machine/*
-       interface=org.freedesktop.DBus.Properties
-       member=Get
-       peer=(name=:*, label=libvirtd),
-
-  dbus bind bus=system
-       name=org.freedesktop.machine1,
-
  @{exec_path} mr,

  /var/lib/machines/{,**} rw,