D29030: AppArmor DBus rules for AkonadiServer
Sandro Knauß
noreply at phabricator.kde.org
Tue Apr 21 19:14:55 BST 2020
knauss added a comment.
This dbus feature was added with newer AppArmor versions - I havn't heard about it until today ;) But this makes totally sense that also DBus access it controlled.
INLINE COMMENTS
> usr.bin.akonadiserver:21
> + bus=session
> + interface=org.freedesktop.DBus,
> + dbus bind
Why Akonadi needs access to interface=org.freedesktop.DBus?
> usr.bin.akonadiserver:31
> /usr/bin/akonadiserver mr,
> + /usr/lib/x86_64-linux-gnu/libexec/drkonqi PUx,
> /usr/bin/mysql_install_db PUx -> mysqld_akonadi,
is this really necessary?
> usr.bin.akonadiserver:44
> /usr/share/qt/translations/* r,
> + /usr/share/mysql/charsets/* r,
> @{PROC}/sys/kernel/core_pattern r,
Replace with `/usr/share/mysql/* r` as mysql should be able to access its complete data.
> usr.bin.akonadiserver:63
> owner @{PROC}/@{pid}/mounts r,
> + owner @{PROC}/[0-9]*/stat r,
> owner /{,var/}run/user/@{uid}/akonadi** rwk,
`[0-9]*` can be replaced with `@{pid}` as it does not need to access other processes.
> usr.bin.akonadiserver:65
> owner /{,var/}run/user/@{uid}/akonadi** rwk,
> + owner /{,var/}run/user/@{uid}/kdeinit** rwk,
> + owner /{,var/}run/user/@{uid}/kcrash** rwk,
is this really necessary?
> usr.bin.akonadiserver:66
> + owner /{,var/}run/user/@{uid}/kdeinit** rwk,
> + owner /{,var/}run/user/@{uid}/kcrash** rwk,
> owner /tmp/#[0-9]* m,
is this really necessary?
REPOSITORY
R165 Akonadi
REVISION DETAIL
https://phabricator.kde.org/D29030
To: lukaskaras
Cc: dvratil, knauss, kde-pim, fbampaloukas, dcaliste, dvasin, rodsevich, winterz, vkrause, mlaurent
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-pim/attachments/20200421/cea26c4b/attachment-0001.html>
More information about the kde-pim
mailing list