Proposals that were decisively approved through voting: * Proposal 3.1 - Change subj= to subject= * Proposal 3.2 - Move the access to the front
Unfortunately, the way that I laid out the proposals in the last email
did not result in clear decision on whether people preferred the
original Proposal 3's grouping like subject=() or Proposal 3.5's
subject {} style.
I've revised the profiles to include what we have already approved. I'm
asking for a *quick* set of responses to finalize this today.
* Revised Proposal 3 - subject=() and peer=()
dbus [acquire] [<bus>] [subject=(<subject>)],
dbus [send | receive] [<bus>] [subject=(<subject>)] [peer=(<peer>)],
/usr/bin/gnome-screensaver {
# Ignore file and accessibility bus access for this exercise
file,
dbus bus=accessibility,
# Talks to system and session buses
dbus (send receive) bus={system,session} peer=(name=org.freedesktop.DBus),
# Sends messages on the system bus
dbus send bus=system peer=(name=org.freedesktop.ConsoleKit
path=/org/freedesktop/ConsoleKit/Manager
interface=org.freedesktop.ConsoleKit.Manager),
dbus send bus=system peer=(name=org.freedesktop.Accounts
path=/org/freedesktop/Accounts interface=org.freedesktop.Accounts),
dbus send bus=system peer=(name=org.freedesktop.Accounts
path=/org/freedesktop/Accounts/User* interface=org.freedesktop.DBus.Properties),
# Receives messages on the session bus
dbus acquire bus=session subject=(name=org.gnome.ScreenSaver),
dbus receive bus=session subject=(path=/org/gnome/ScreenSaver
interface=org.freedesktop.DBus.Properties),
# Be selective because the Lock method is mediated by these rules
dbus receive bus=session subject=(path=/org/gnome/ScreenSaver
interface=org.gnome.ScreenSaver) peer=(label=/usr/bin/gnome-settings-daemon),
dbus receive bus=session subject=(path=/org/gnome/ScreenSaver
interface=org.gnome.ScreenSaver) peer=(name=com.canonical.indicator.session),
# Sends messages on the session bus
dbus send bus=session peer=(name=org.gnome.SessionManager
path=/org/gnome/SessionManager/Presence
interface=org.freedesktop.DBus.Properties),
dbus send bus=session peer=(path=/org/gtk/vfs/mounttracker
interface=org.gtk.vfs.MountTracker),
dbus send bus=session peer=(name=org.gnome.Shell path=/org/gnome/Shell
interface=org.freedesktop.DBus.Properties),
}
* Revised Proposal 3.5 - subject {} and peer {}
dbus [acquire] [<bus>] [subject {<subject>}],
dbus [send | receive] [<bus>] [subject {<subject>}] [peer {<peer>}],
/usr/bin/gnome-screensaver {
# Ignore file and accessibility bus access for this exercise
file,
dbus bus=accessibility,
# Talks to system and session buses
dbus (send receive) bus={system,session} peer {name=org.freedesktop.DBus},
# Sends messages on the system bus
dbus send bus=system peer {name=org.freedesktop.ConsoleKit
path=/org/freedesktop/ConsoleKit/Manager
interface=org.freedesktop.ConsoleKit.Manager},
dbus send bus=system peer {name=org.freedesktop.Accounts
path=/org/freedesktop/Accounts interface=org.freedesktop.Accounts},
dbus send bus=system peer {name=org.freedesktop.Accounts
path=/org/freedesktop/Accounts/User* interface=org.freedesktop.DBus.Properties},
# Receives messages on the session bus
dbus acquire bus=session subject {name=org.gnome.ScreenSaver},
dbus receive bus=session subject {path=/org/gnome/ScreenSaver
interface=org.freedesktop.DBus.Properties},
# Be selective because the Lock method is mediated by these rules
dbus receive bus=session subject {path=/org/gnome/ScreenSaver
interface=org.gnome.ScreenSaver} peer {label=/usr/bin/gnome-settings-daemon},
dbus receive bus=session subject {path=/org/gnome/ScreenSaver
interface=org.gnome.ScreenSaver} peer {name=com.canonical.indicator.session},
# Sends messages on the session bus
dbus send bus=session peer {name=org.gnome.SessionManager
path=/org/gnome/SessionManager/Presence
interface=org.freedesktop.DBus.Properties},
dbus send bus=session peer {path=/org/gtk/vfs/mounttracker
interface=org.gtk.vfs.MountTracker},
dbus send bus=session peer {name=org.gnome.Shell path=/org/gnome/Shell
interface=org.freedesktop.DBus.Properties},
}
Thanks!
Tyler
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
