On Mon, Oct 06, 2014 at 01:19:07PM -0500, Jamie Strandboge wrote: > On Ubuntu, users are seeing the following denial on remote webdav shares: > apparmor="DENIED" operation="connect" profile="/usr/bin/evince" pid=18278 > comm="EvJobScheduler" family="unix" sock_type="stream" protocol=0 > requested_mask="send receive connect" denied_mask="send connect" addr=none > peer_addr="@/dbus-vfs-daemon/socket-8Ij86BjH" peer="unconfined" > > This patch updates the gnome abstraction to have: > unix (send, receive, connect) > type=stream > peer=(addr="@/dbus-vfs-daemon/socket-*"), > > which will allow connecting to this socket (but dbus mediation is still in > effect).
Acked-by: Seth Arnold <[email protected]> Thanks > > -- > Jamie Strandboge http://www.ubuntu.com/ > === modified file 'profiles/apparmor.d/abstractions/gnome' > --- profiles/apparmor.d/abstractions/gnome 2014-02-20 15:31:07 +0000 > +++ profiles/apparmor.d/abstractions/gnome 2014-10-06 18:15:30 +0000 > @@ -85,3 +85,9 @@ > /etc/gnome/defaults.list r, > /usr/share/gnome/applications/ r, > /usr/share/gnome/applications/mimeinfo.cache r, > + > + # Allow connecting to the GNOME vfs socket (still need corresponding DBus > + # rules) > + unix (send, receive, connect) > + type=stream > + peer=(addr="@/dbus-vfs-daemon/socket-*"), > > -- > AppArmor mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
