[apparmor] [PATCH] 02/04 abstraction updates for abstract, anonymous and netlink

Jamie Strandboge jamie at canonical.com
Wed Aug 27 21:47:01 UTC 2014


On 08/27/2014 04:34 PM, Jamie Strandboge wrote:

> Starting a subthread for some additions to John's patches. This series assumes
> John's 12 patches are applied and includes updates to the apparmor.d man page
> and some policy updates. I expect I might have to adjust this a bit, but wanted
> to send it up for comment. Let's have an ACK mean to apply it once it is safe to
> do so.
> 

Attached is a patch for:
 - the base abstraction for common abstract and anonymous rules (comments
   included per rule)
 - dbus-session-strict to add a rule for connecting to the dbus session abstract
   socket. I used 'peer=(label=unconfined)' here, but I could probably lose the
   explicit label if people preferred that
 - X to add a rule for connecting to the X abstract socket. Same as for
   dbus-session-strict
 - nameservice to add a rule for connecting to a netlink raw. This change could
   possibly be excluded, but applications using networking (at least on Ubuntu)
   all seem to need it. Excluding it would mean systems using nscd would need to
   add this and ones not using it would have a noisy denial


-- 
Jamie Strandboge                 http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-abstract-policy-updates.patch
Type: text/x-diff
Size: 3061 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140827/3a5d4a11/attachment.patch>