mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00
Code Issues Releases Wiki Activity

Merge profiles: add a profile for notify-send

Browse Source 
Signed-off-by: Ryan Lee <ryan.lee@canonical.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1635
Approved-by: Maxime Bélair <maxime.belair@canonical.com>
Merged-by: Maxime Bélair <maxime.belair@canonical.com>
This commit is contained in:
Maxime Bélair 2025-05-12 13:46:55 +00:00
commit 2800aaedd0
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
profiles/apparmor.d/notify-send Normal file
View File

@ -0,0 +1,21 @@
abi <abi/4.0>,
include <tunables/global>
profile notify-send /usr/bin/notify-send {
include <abstractions/base>
include <abstractions/dbus-session-strict>
/usr/bin/notify-send mr,
# No idea why notify-send wants cgroup info but it works fine without it
deny /proc/@{pid}/cgroup r,
dbus (send)
bus=session
path=/org/freedesktop/Notifications
interface=org.freedesktop.Notifications
member={GetServerInformation,Notify},
include if exists <local/notify-send>
}