Add apparmor element support to bus config parsing

The <apparmor> element can contain a single mode attribute that has one of three values: "enabled" "disabled" "required" "enabled" means that kernel support is autodetected and, if available, AppArmor mediation occurs in dbus-daemon. If kernel support is not detected, mediation is disabled. "disabled" means that mediation does not occur. "required" means that kernel support must be detected for dbus-daemon to start. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113 Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
author: Tyler Hicks <tyhicks@canonical.com> 2014-02-10 19:02:04 -0600
committer: Simon McVittie <simon.mcvittie@collabora.co.uk> 2015-02-18 17:04:00 +0000
commit: 06033cb20fb6b33fc26c2ef3f5bec1bf75596e34 (patch)
tree: 548ba7b8c62f81ab3663e6753fa1fcd073a15dba /bus/system.conf.in
parent: f62bff5bca2c187262a550f6f0a0c2a662adaaf6 (diff)
download: dbus-06033cb20fb6b33fc26c2ef3f5bec1bf75596e34.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/bus/system.conf.in b/bus/system.conf.in
index ac78c734..fc472bd7 100644
--- a/bus/system.conf.in
+++ b/bus/system.conf.in
@@ -97,6 +97,9 @@
            send_interface="org.freedesktop.DBus.Debug.Stats"/>
   </policy>
 
+  <!-- Enable AppArmor mediation when it is available -->
+  <apparmor mode="enabled"/>
+
   <!-- Config files are placed here that among other things, punch 
        holes in the above policy for specific services. -->
   <includedir>system.d</includedir>
author	Tyler Hicks <tyhicks@canonical.com>	2014-02-10 19:02:04 -0600
committer	Simon McVittie <simon.mcvittie@collabora.co.uk>	2015-02-18 17:04:00 +0000
commit	06033cb20fb6b33fc26c2ef3f5bec1bf75596e34 (patch)
tree	548ba7b8c62f81ab3663e6753fa1fcd073a15dba /bus/system.conf.in
parent	f62bff5bca2c187262a550f6f0a0c2a662adaaf6 (diff)
download	dbus-06033cb20fb6b33fc26c2ef3f5bec1bf75596e34.tar.gz