From aa37fe19fed6be8e44db461691149237ee71da94 Mon Sep 17 00:00:00 2001
From: Vincent43 <31109921+Vincent43@users.noreply.github.com>
Date: Thu, 7 Jun 2018 22:35:00 +0100
Subject: AppArmor: allow dbus access by default

As discussed in https://github.com/netblue30/firejail/issues/1917#issuecomment-386002234 leave blacklisting dbus access to firejail userspace with 'nodbus' option. Fine grained blacklisting of particular dbus services can be added here in the future.
---
 etc/firejail-default | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/etc/firejail-default b/etc/firejail-default
index 965167891..8bf42b3a3 100644
--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -13,12 +13,12 @@
 profile firejail-default flags=(attach_disconnected,mediate_deleted) {
 
 ##########
-# D-Bus is a huge security hole. Uncomment those lines if you need D-Bus
-# functionality.
+# Allow D-Bus access. It may negatively affect security. Comment those lines or
+# use 'nodbus' option in profile if you don't need D-Bus functionality.
 ##########
-##include <abstractions/dbus-strict>
-##include <abstractions/dbus-session-strict>
-#dbus,
+#include <abstractions/dbus-strict>
+#include <abstractions/dbus-session-strict>
+dbus,
 
 ##########
 # With ptrace it is possible to inspect and hijack running programs. Usually this
-- 
cgit v1.2.3-54-g00ecf