mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 22:05:27 +00:00
Code Issues Releases Wiki Activity

abstraction/exo-open: Remove dbus deny rule

Browse Source 
Abstractions should not generally include deny rules as this can unduly
constrain profiles which include them due to the precedent matching rules
between deny vs allow rules. Also as per the comment, this is not required
for exo-open to work, so simply omit it from the abstraction for
now. Finally, in Ubuntu, the evince profile includes the exo-open
abstraction and this deny rule causes evince to fail to initialise
correctly as it then assumes it cannot use gvfs.

Signed-off-by: Alex Murray <alex.murray@canonical.com>
This commit is contained in:
Alex Murray
2022-06-15 14:54:19 +09:30
parent 48fc233d05
commit cd91492d53
1 changed files with 0 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
profiles/apparmor.d/abstractions/exo-open
View File

@@ -51,13 +51,6 @@
/{,usr/}bin/which rix,
# Deny DBus
# for GTK error message dialog, not required exo-open to work.
deny dbus send
bus=session
path=/org/gtk/vfs/mounttracker,
# System files
/etc/xdg/{,xdg-*/}xfce4/helpers.rc r,