fix(xdg-document-portal): add `abstractions/nameservice-strict`

roddhjav / apparmor.d

Full set of AppArmor profiles (~ 1500 profiles)

https://apparmor.pujol.io

GNU General Public License v2.0

395 stars 34 forks source link

fix(xdg-document-portal): add `abstractions/nameservice-strict` #361

Closed REmerald closed 3 weeks ago

REmerald commented 3 weeks ago

Should fix

$ aa-log -f 1 xdg-document-portal 
ALLOWED xdg-document-portal open /etc/nsswitch.conf comm=xdg-document-po requested_mask=r denied_mask=r
ALLOWED xdg-document-portal open /etc/passwd comm=xdg-document-po requested_mask=r denied_mask=r
$ aa-log -f 1 -r xdg-document-portal 
profile xdg-document-portal {
  /etc/nsswitch.conf r,
  /etc/passwd r,
}

valoq commented 3 weeks ago

This should probably get the nameservice abstraction instead

include <abstractions/nameservice-strict>

REmerald commented 3 weeks ago

This should probably get the nameservice abstraction instead

Done

roddhjav commented 3 weeks ago

Thanks, merged!