[apparmor] what is the best way to write apparmor dbus rules
Alexandre Pujol
alexandre at pujol.io
Fri Dec 8 11:20:28 UTC 2023
Thanks John,
Following your advice, I rewritten all my old dbus rules. I have added
over 30 new dbus specific abstractions [1]. As I have the endpoint, they
are all labelled with they corresponding apparmor profile. These
abstractions should be used by profiles that simply need to talk to a
given interface, so I restricted the allowed method.
For example, most common polkit communication can be allowed with:
```
include <abstractions/bus/org.freedesktop.PolicyKit1>
```
They will be still some polishing work to do but we finally have a good
base.
[1]:
https://github.com/roddhjav/apparmor.d/tree/main/apparmor.d/abstractions/bus
Regards,
Alex
More information about the AppArmor
mailing list