AppArmor mediation of applications that use DBus
DBus-aware applications currently cannot be properly mediated with AppArmor. A confined application can be denied access to the DBus system bus, but this is too coarse-grained. Furthermore, AppArmor does not currently mediate IPC, and therefore does not mediate the abstract Unix domain sockets that DBus uses in Ubuntu for the per-user session bus. As a result, applications currently confined by AppArmor are allowed to talk to any application with an interface on the session bus.
The completed blueprint should provide a working implementation for DBus to use AppArmor to mediate message delivery (i.e., what a sending application can talk to and what a receiving application can respond to). This requires changes to the kernel, the AppArmor userspace and DBus. Message content mediation is out of scope for this blueprint.
Blueprint information
- Status: Started
- Approver: Jamie Strandboge
- Priority: High
- Drafter: Jamie Strandboge
- Direction: Approved
- Assignee: Ubuntu Security Team
- Definition: Approved
- Series goal: Proposed for precise
- Implementation: Beta Available
- Milestone target: ubuntu-11.10
- Started by: Jamie Strandboge
- Completed by:
Whiteboard
Some of this was discussed in https:/
Work items:
[jjohansen] base ipc support in kernel: DONE
[jjohansen] base ipc support in parser: DONE
[jjohansen] libapparmor support (userspace querying of kernel): DONE
[sbeattie] base ipc support in tools: POSTPONED
[jjohansen] ipc regression tests: DONE
[jdstrand] study current dbus implementation: DONE
[jdstrand] review dbus/selinux implementation: DONE
[jdstrand] define test cases for dbus mediation: DONE
[jdstrand] implement test cases for dbus mediation: INPROGRESS
[jjohansen] dbus patch for apparmor mediation: DONE
[jdstrand] integrate dbus mediation into Ubuntu: POSTPONED