Thanks John, Following your advice, I rewritten all my old dbus rules. I have added over 30 new dbus specific abstractions [1]. As I have the endpoint, they are all labelled with they corresponding apparmor profile. These abstractions should be used by profiles that simply need to talk to a given interface, so I restricted the allowed method.
For example, most common polkit communication can be allowed with: ``` include <abstractions/bus/org.freedesktop.PolicyKit1> ``` They will be still some polishing work to do but we finally have a good base. [1]: https://github.com/roddhjav/apparmor.d/tree/main/apparmor.d/abstractions/bus Regards, Alex
