Add dbus-network-manager-strict abstraction
Some applications query network configuration (using the QNetworkConfigurationManager class in Qt and similar), and that produces DBus denials under AppArmor confinement when the NetworkManager backend is used.
Add an abstraction that allows the most common read-only DBus queries for getting the current network configuration from the NetworkManager backend.
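The triage described above, as an added example that is not part of this merge request or of the AppArmor project's code: it sorts D-Bus method-call denials addressed to NetworkManager into candidate read-only `dbus send` rules and sets everything else, including `GetSecrets`, aside for manual review. The log lines are constructed, and the `READ_ONLY` allowlist and all function names are assumptions for this example, not the contents of the abstraction.

```python
import re

NM = "org.freedesktop.NetworkManager"
# Assumption for this example: members treated as read-only queries.
READ_ONLY = {"Get", "GetAll", "GetDevices", "GetSettings"}
# Settings.Connection.GetSecrets returns stored secrets (e.g. Wi-Fi PSKs).
SECRET_BEARING = {"GetSecrets"}
FIELD = re.compile(r'(\w+)="([^"]*)"')
REQUIRED = ("bus", "path", "interface", "member", "name")


def _denial(path, iface, member, label="kde-open5"):
    """Build one constructed audit line in the dbus-daemon AVC style."""
    return ('apparmor="DENIED" operation="dbus_method_call" bus="system" '
            f'path="{path}" interface="{iface}" member="{member}" mask="send" '
            f'name="{NM}" pid=4242 label="{label}" peer_label="unconfined"')


# Constructed sample input, not taken from the merge request.
SAMPLE_LOG = [
    _denial("/org/freedesktop/NetworkManager", "org.freedesktop.DBus.Properties", "GetAll"),
    _denial("/org/freedesktop/NetworkManager", "org.freedesktop.DBus.Properties", "GetAll"),
    _denial("/org/freedesktop/NetworkManager", NM, "GetDevices"),
    _denial("/org/freedesktop/NetworkManager/Settings/1",
            NM + ".Settings.Connection", "GetSecrets"),
    'apparmor="DENIED" operation="open" name="/etc/hosts" requested_mask="r"',
]


def triage(lines):
    """Split NetworkManager method-call denials into rule candidates and review items."""
    rules, review = set(), set()
    for line in lines:
        f = dict(FIELD.findall(line))
        # Only outgoing method calls to NetworkManager are considered here;
        # file denials, signals and other peers are skipped.
        if (f.get("apparmor"), f.get("operation"), f.get("mask"), f.get("name")) != \
                ("DENIED", "dbus_method_call", "send", NM):
            continue
        if any(k not in f for k in REQUIRED):
            continue
        if f["member"] in READ_ONLY:
            rules.add("dbus send bus={bus} path={path} interface={interface} "
                      "member={member} peer=(name={name}),".format(**f))
        else:
            why = "returns secrets" if f["member"] in SECRET_BEARING else "not on allowlist"
            review.add((f.get("label", "?"), f["interface"], f["member"], why))
    return sorted(rules), sorted(review)
```

Calling `triage(SAMPLE_LOG)` returns the deduplicated rule candidates first and the review list second.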
I was able to localise/reproduce DBus denials about NetworkManager using a simple application that uses the QNetworkConfigurationManager class in my manual test project [0].
Once this MR is done, I will update !404 (merged) to simplify the kde-open5 abstraction.
Edited by Vincas Dargis
Ping @jdstrand
Do any of the D-Bus accesses allowed here reveal secrets, e.g. Wi-Fi passwords?
I don't know, though I doubt it.
Apart from that, I'm curious what app does that. Any example?
kde-open5, see proposed kde-open5 abstraction in !404 (merged).
Also, KDE Dragon Player. Seems Qt-based applications "like" to have that. It's enough to probe available internet connections (see example link provided in MR post) to trigger all this.
@jdstrand do you want to look at this? Otherwise I am inclined to approve it.
mentioned in merge request !404 (merged)
mentioned in commit a10fa57f
mentioned in commit jjohansen/apparmor@c046bc83