felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): initial dbus rules for systemd profiles.

Browse source
This commit is contained in:
Alexandre Pujol 2022-06-05 14:53:10 +01:00
parent 7a18cfed40
commit f6b6e99cde
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
5 changed files with 80 additions and 62 deletions
Download patch file Download diff file Expand all files Collapse all files

29
apparmor.d/groups/systemd/systemd-localed
View file

@ -1,6 +1,6 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2018-2021 Mikhail Morfikov
# 2021 Alexandre Pujol <alexandre@pujol.io>
# Copyright (C) 2018-2022 Mikhail Morfikov
# Copyright (C) 2021-2022 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
@ -15,20 +15,29 @@ profile systemd-localed @{exec_path} flags=(attach_disconnected) {
include <abstractions/systemd-common>
# Needed?
audit deny capability net_admin,
audit capability net_admin,
dbus send bus=system path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member=ReleaseName,
dbus receive bus=system path=/org/freedesktop/locale[0-9]
interface=org.freedesktop.DBus.Properties
member=GetAll,
@{exec_path} mr,
/etc/default/keyboard r,
/etc/default/locale rw,
/etc/default/.#locale* rw,
/etc/locale.conf r,
/etc/vconsole.conf r,
/usr/share/systemd/language-fallback-map r,
/usr/share/X11/xkb/rules/evdev r,
/etc/default/.#locale* rw,
/etc/default/keyboard r,
/etc/default/locale rw,
/etc/locale.conf r,
/etc/vconsole.conf r,
/etc/X11/xorg.conf.d/*.conf r,
@{run}/systemd/notify rw,
include if exists <local/systemd-localed>
}