Thanks for taking on this task, Seth!

On 2014-02-11 15:53:31, Seth Arnold wrote:
> The patch header for this one suggests that we should integrate it into
> upstream AppArmor only after the AppArmor patches to dbus have been
> integrated into upstream dbus.
> Thoughts?
> 0068-libapparmor-mention-dbus-method-in-getcon-man.patch

That patch documents a dbus-daemon method that can be called to get a connection's AppArmor label. In Ubuntu's patched dbus-daemon, the method is org.freedesktop.DBus.GetConnectionAppArmorSecurityContext. It is part of the top-level org.freedesktop.DBus interface, just like the SELinux equivalent.

However, I've seen upstream D-Bus talk about how the SELinux method shouldn't be in the top-level interface so I suspect that they'll want to move the AppArmor method before merging it.

Let's wait on applying this patch to trunk.

>
> Parts of this patch were integrated into trunk, but the
> libraries/libapparmor/src/libapparmor.map change is funny:
> 0053-libapparmor-Export-a-label-based-query-interface.patch
>
> (The trunk version adds the aa_query_label symbol to APPARMOR_3.0; the
> patch in the Ubuntu packaging adds the symbol to APPARMOR_1.1.)

The trunk version is correct. I can't remember why I added it to APPARMOR_1.1 in Ubuntu but that's wrong for trunk.

Thanks again!

Tyler
--
AppArmor mailing list
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
