mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 01:57:43 +00:00
Code Issues Releases Wiki Activity

Document aliases for dbus send and receive in apparmor.d

Browse Source 
Acked-by: Tyler Hicks <tyhicks@canonical.com>
This commit is contained in:
Christian Boltz 2016-06-01 22:55:14 +02:00
parent fd17ff0daa
commit c3bcdc32fb
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
parser/apparmor.d.pod
View File

@ -195,7 +195,7 @@ B<DBUS LABEL> = 'label' '=' '(' '"' I<AARE> '"' | I<AARE> ')'
B<DBUS ACCESS LIST> = Comma separated list of I<DBUS ACCESS>
B<DBUS ACCESS> = ( 'send' | 'receive' | 'bind' | 'eavesdrop' )
B<DBUS ACCESS> = ( 'send' | 'receive' | 'bind' | 'eavesdrop' | 'r' | 'read' | 'w' | 'write' | 'rw' )
Some accesses are incompatible with some rules; see below.
B<AARE> = B<?*[]{}^>
@ -1009,6 +1009,9 @@ The 'bind' permission cannot be used in message rules. The 'send' and 'receive'
permissions cannot be used in service rules. The 'eavesdrop' permission cannot
be used in rules containing any conditionals outside of the 'bus' conditional.
'r' and 'read' are synonyms for 'receive'. 'w' and 'write' are synonyms for
'send'. 'rw' is a synonym for both 'send' and 'receive'.
AppArmor DBus permissions are implied when a rule does not explicitly state an
access list. By default, all DBus permissions are implied. Only message
permissions are implied for message rules and only service permissions are