from 2.8 branch: ------------------------------------------------------------ revno: 2090 committer: Jamie Strandboge branch nick: 2.8 timestamp: Thu 2013-09-12 09:25:56 -0500 message: p11-kit needs access to /usr/share/p11-kit/modules Acked-By: Jamie Strandboge Acked-by: Steve Beattie (for trunk and 2.8) modified: profiles/apparmor.d/abstractions/p11-kit ------------------------------------------------------------ revno: 2089 committer: Steve Beattie branch nick: 2.8 timestamp: Wed 2013-09-11 16:05:13 -0700 message: profiles - Allow reading /etc/machine-id in the dbus-session abstraction. Merge from trunk commit rev 2181 From: intrigeri D-Bus now uses /etc/machine-id in some cases: https://bugs.freedesktop.org/show_bug.cgi?id=35228 Acked-by: Steve Beattie modified: profiles/apparmor.d/abstractions/dbus-session ------------------------------------------------------------ === modified file 'profiles/apparmor.d/abstractions/dbus-session' --- profiles/apparmor.d/abstractions/dbus-session 2011-05-09 16:09:24 +0000 +++ profiles/apparmor.d/abstractions/dbus-session 2013-09-11 23:05:13 +0000 @@ -10,4 +10,7 @@ # ------------------------------------------------------------------ /usr/bin/dbus-launch ix, + + # unique per-machine identifier + /etc/machine-id r, /var/lib/dbus/machine-id r, === modified file 'profiles/apparmor.d/abstractions/p11-kit' --- profiles/apparmor.d/abstractions/p11-kit 2012-01-18 22:22:08 +0000 +++ profiles/apparmor.d/abstractions/p11-kit 2013-09-12 14:25:56 +0000 @@ -16,6 +16,9 @@ /usr/lib{,32,64}/pkcs11/*.so mr, /usr/lib/@{multiarch}/pkcs11/*.so mr, + /usr/share/p11-kit/modules/ r, + /usr/share/p11-kit/modules/* r, + # p11-kit also supports reading user configuration from ~/.pkcs11 depending # on how /etc/pkcs11/pkcs11.conf is configured. This should generally not be # included in this abstraction.