[apparmor] [PATCH] update gnome abstraction for unix
Seth Arnold
seth.arnold at canonical.com
Mon Oct 6 18:50:55 UTC 2014
On Mon, Oct 06, 2014 at 01:19:07PM -0500, Jamie Strandboge wrote:
> On Ubuntu, users are seeing the following denial on remote webdav shares:
> apparmor="DENIED" operation="connect" profile="/usr/bin/evince" pid=18278
> comm="EvJobScheduler" family="unix" sock_type="stream" protocol=0
> requested_mask="send receive connect" denied_mask="send connect" addr=none
> peer_addr="@/dbus-vfs-daemon/socket-8Ij86BjH" peer="unconfined"
>
> This patch updates the gnome abstraction to have:
> unix (send, receive, connect)
> type=stream
> peer=(addr="@/dbus-vfs-daemon/socket-*"),
>
> which will allow connecting to this socket (but dbus mediation is still in effect).
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
>
> --
> Jamie Strandboge http://www.ubuntu.com/
> === modified file 'profiles/apparmor.d/abstractions/gnome'
> --- profiles/apparmor.d/abstractions/gnome 2014-02-20 15:31:07 +0000
> +++ profiles/apparmor.d/abstractions/gnome 2014-10-06 18:15:30 +0000
> @@ -85,3 +85,9 @@
> /etc/gnome/defaults.list r,
> /usr/share/gnome/applications/ r,
> /usr/share/gnome/applications/mimeinfo.cache r,
> +
> + # Allow connecting to the GNOME vfs socket (still need corresponding DBus
> + # rules)
> + unix (send, receive, connect)
> + type=stream
> + peer=(addr="@/dbus-vfs-daemon/socket-*"),
>
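Review bot: The new unix rule at the end of the hunk matches the peer by address only (`peer=(addr="@/dbus-vfs-daemon/socket-*")`). Abstract socket names are not protected by filesystem permissions, so any local process that binds a name under that prefix becomes an allowed peer for every profile that includes this abstraction. The denial quoted in the description shows peer="unconfined"; consider adding a label condition to the peer expression if the daemon's label is predictable, or extend the comment to say why matching on addr alone is acceptable here. The existing comment already notes that DBus rules are still required, which is worth keeping.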