On Fri, May 02, 2014 at 12:48:42PM -0500, Tyler Hicks wrote: > It may not be obvious that the peer label can be "unconfined". Provide > an example rule, in the apparmor.d man page, demonstrating the > peer=(label=unconfined) conditional. > > Signed-off-by: Tyler Hicks <[email protected]> > Reported-by: Alban Crequy <[email protected]>
Acked-by: Seth Arnold <[email protected]> Thanks > --- > > Someone that is quite familiar with AppArmor D-Bus mediation mentioned in IRC > that he didn't realize that the peer label in dbus rules could be > "unconfined". > That is due to a failure in our documentation. This patch is a quick attempt > at > making it more clear. > > parser/apparmor.d.pod | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod > index ff7887d..dd1e6ff 100644 > --- a/parser/apparmor.d.pod > +++ b/parser/apparmor.d.pod > @@ -741,6 +741,9 @@ Example AppArmor DBus rules: > member=ExampleMethod > peer=(name=(com.example.ExampleName1|com.example.ExampleName2)), > > + # Allow receive access for all unconfined peers > + dbus receive peer=(label=unconfined)), > + > # Allow eavesdropping on the system bus > dbus eavesdrop bus=system, > > -- > 1.9.1 > > > -- > AppArmor mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor >
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
