[apparmor] [PATCH] update gnome abstraction for unix
Jamie Strandboge
jamie at canonical.com
Mon Oct 6 18:19:07 UTC 2014
On Ubuntu, users are seeing the following denial on remote webdav shares:
apparmor="DENIED" operation="connect" profile="/usr/bin/evince" pid=18278
comm="EvJobScheduler" family="unix" sock_type="stream" protocol=0
requested_mask="send receive connect" denied_mask="send connect" addr=none
peer_addr="@/dbus-vfs-daemon/socket-8Ij86BjH" peer="unconfined"
This patch updates the gnome abstraction to have:
unix (send, receive, connect)
type=stream
peer=(addr="@/dbus-vfs-daemon/socket-*"),
which will allow connecting to this socket (but dbus mediation is still in effect).
--
Jamie Strandboge http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-lp1375067.patch
Type: text/x-diff
Size: 529 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20141006/ec43022e/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20141006/ec43022e/attachment.pgp>
More information about the AppArmor
mailing list