AppArmor: allow dbus access by default

As discussed in https://github.com/netblue30/firejail/issues/1917#issuecomment-386002234 leave blacklisting dbus access to firejail userspace with 'nodbus' option. Fine grained blacklisting of particular dbus services can be added here in the future.
author: Vincent43 <31109921+Vincent43@users.noreply.github.com> 2018-06-07 22:35:00 +0100
committer: GitHub <noreply@github.com> 2018-06-07 22:35:00 +0100
commit: aa37fe19fed6be8e44db461691149237ee71da94 (patch)
tree: 9fcca41ba361234009097d4e593f0660bb851572
parent: fnet fix (merge from LTS branch) (diff)
download: firejail-aa37fe19fed6be8e44db461691149237ee71da94.tar.gz
firejail-aa37fe19fed6be8e44db461691149237ee71da94.tar.zst
firejail-aa37fe19fed6be8e44db461691149237ee71da94.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/etc/firejail-default b/etc/firejail-default
index 965167891..8bf42b3a3 100644
--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -13,12 +13,12 @@
 profile firejail-default flags=(attach_disconnected,mediate_deleted) {
 ##########
-# D-Bus is a huge security hole. Uncomment those lines if you need D-Bus
+# Allow D-Bus access. It may negatively affect security. Comment those lines or
-# functionality.
+# use 'nodbus' option in profile if you don't need D-Bus functionality.
 ##########
-##include <abstractions/dbus-strict>
+#include <abstractions/dbus-strict>
-##include <abstractions/dbus-session-strict>
+#include <abstractions/dbus-session-strict>
-#dbus,
+dbus,
 ##########
 # With ptrace it is possible to inspect and hijack running programs. Usually this
author	Vincent43 <31109921+Vincent43@users.noreply.github.com>	2018-06-07 22:35:00 +0100
committer	GitHub <noreply@github.com>	2018-06-07 22:35:00 +0100
commit	aa37fe19fed6be8e44db461691149237ee71da94 (patch)
tree	9fcca41ba361234009097d4e593f0660bb851572
parent	fnet fix (merge from LTS branch) (diff)
download	firejail-aa37fe19fed6be8e44db461691149237ee71da94.tar.gz firejail-aa37fe19fed6be8e44db461691149237ee71da94.tar.zst firejail-aa37fe19fed6be8e44db461691149237ee71da94.zip

diff --git a/etc/firejail-default b/etc/firejail-default index 965167891..8bf42b3a3 100644 --- a/etc/firejail-default +++ b/etc/firejail-default
@@ -13,12 +13,12 @@
13	profile firejail-default flags=(attach_disconnected,mediate_deleted) {	13	profile firejail-default flags=(attach_disconnected,mediate_deleted) {
14		14
15	##########	15	##########
16	# D-Bus is a huge security hole. Uncomment those lines if you need D-Bus	16	# Allow D-Bus access. It may negatively affect security. Comment those lines or
17	# functionality.	17	# use 'nodbus' option in profile if you don't need D-Bus functionality.
18	##########	18	##########
19	##include <abstractions/dbus-strict>	19	#include <abstractions/dbus-strict>
20	##include <abstractions/dbus-session-strict>	20	#include <abstractions/dbus-session-strict>
21	#dbus,	21	dbus,
22		22
23	##########	23	##########
24	# With ptrace it is possible to inspect and hijack running programs. Usually this	24	# With ptrace it is possible to inspect and hijack running programs. Usually this