[apparmor] [PATCH] parser: Add example dbus rule for unconfined peers
Seth Arnold
seth.arnold at canonical.com
Fri May 2 18:55:15 UTC 2014
On Fri, May 02, 2014 at 12:48:42PM -0500, Tyler Hicks wrote:
> It may not be obvious that the peer label can be "unconfined". Provide
> an example rule, in the apparmor.d man page, demonstrating the
> peer=(label=unconfined) conditional.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> Reported-by: Alban Crequy <alban.crequy at collabora.co.uk>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
> ---
>
> Someone that is quite familiar with AppArmor D-Bus mediation mentioned in IRC
> that he didn't realize that the peer label in dbus rules could be "unconfined".
> That is due to a failure in our documentation. This patch is a quick attempt at
> making it more clear.
>
> parser/apparmor.d.pod | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod
> index ff7887d..dd1e6ff 100644
> --- a/parser/apparmor.d.pod
> +++ b/parser/apparmor.d.pod
> @@ -741,6 +741,9 @@ Example AppArmor DBus rules:
> member=ExampleMethod
> peer=(name=(com.example.ExampleName1|com.example.ExampleName2)),
>
> + # Allow receive access for all unconfined peers
> + dbus receive peer=(label=unconfined)),
> +
> # Allow eavesdropping on the system bus
> dbus eavesdrop bus=system,
>
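Review bot: the added example rule has an unbalanced parenthesis: `dbus receive peer=(label=unconfined)),` closes two parentheses but opens only one, so the man page would be showing a rule that is not valid as written. It should read `dbus receive peer=(label=unconfined),`, matching the paren/comma pattern of the `peer=(name=(...)),` example just above it. Separately, the rule names no bus, while the following example sets `bus=system`; the comment line could say which buses the example is meant to cover so readers do not copy a broader rule than they intend.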
> --
> 1.9.1