Add apparmor element support to bus config parsing

The <apparmor> element can contain a single mode attribute that has one of three values: "enabled" "disabled" "required" "enabled" means that kernel support is autodetected and, if available, AppArmor mediation occurs in dbus-daemon. If kernel support is not detected, mediation is disabled. "disabled" means that mediation does not occur. "required" means that kernel support must be detected for dbus-daemon to start. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113 Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
author: Tyler Hicks <tyhicks@canonical.com> 2014-02-10 19:02:04 -0600
committer: Simon McVittie <simon.mcvittie@collabora.co.uk> 2015-02-18 17:04:00 +0000
commit: 06033cb20fb6b33fc26c2ef3f5bec1bf75596e34 (patch)
tree: 548ba7b8c62f81ab3663e6753fa1fcd073a15dba /bus/session.conf.in
parent: f62bff5bca2c187262a550f6f0a0c2a662adaaf6 (diff)
download: dbus-06033cb20fb6b33fc26c2ef3f5bec1bf75596e34.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/bus/session.conf.in b/bus/session.conf.in
index cfe9544f..d2e3f2d0 100644
--- a/bus/session.conf.in
+++ b/bus/session.conf.in
@@ -25,6 +25,9 @@
     <allow own="*"/>
   </policy>
 
+  <!-- Enable AppArmor mediation when it is available -->
+  <apparmor mode="enabled"/>
+
   <!-- Config files are placed here that among other things, 
        further restrict the above policy for specific services. -->
   <includedir>session.d</includedir>
author	Tyler Hicks <tyhicks@canonical.com>	2014-02-10 19:02:04 -0600
committer	Simon McVittie <simon.mcvittie@collabora.co.uk>	2015-02-18 17:04:00 +0000
commit	06033cb20fb6b33fc26c2ef3f5bec1bf75596e34 (patch)
tree	548ba7b8c62f81ab3663e6753fa1fcd073a15dba /bus/session.conf.in
parent	f62bff5bca2c187262a550f6f0a0c2a662adaaf6 (diff)
download	dbus-06033cb20fb6b33fc26c2ef3f5bec1bf75596e34.tar.gz