[apparmor] [patch] fix dnsmasq profile to allow executing bash and allow lib64 libvirt_leaseshelper script
John Johansen
john.johansen at canonical.com
Mon Dec 22 14:18:11 UTC 2014
On 12/22/2014 05:06 AM, Christian Boltz wrote:
> Hello,
>
> this patch fixes the dnsmasq profile to allow executing bash to run the
> --dhcp-script argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get
> libvirt leasehelper script to run even on x86_64.
>
> References: https://bugzilla.opensuse.org/show_bug.cgi?id=911001
>
> Patch by "Cédric Bosdonnat" <cbosdonnat at suse.com>
>
> Note: the original patch used {lib,lib64} - I changed it to lib{,64}
> to match the style we typically use.
>
> I propose this patch for trunk and 2.9.
>
Acked-by: John Johansen <john.johansen at canonical.com>
>
> [ dnsmasq-profile-fixes.patch ]
>
> Index: apparmor-2.9.0/profiles/apparmor.d/usr.sbin.dnsmasq
> ===================================================================
> --- apparmor-2.9.0.orig/profiles/apparmor.d/usr.sbin.dnsmasq
> +++ apparmor-2.9.0/profiles/apparmor.d/usr.sbin.dnsmasq
> @@ -44,6 +44,8 @@
>
> /var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
>
> + /bin/bash ix, # Required to execute --dhcp-script argument
> +
> # access to iface mtu needed for Router Advertisement messages in IPv6
> # Neighbor Discovery protocol (RFC 2461)
> @{PROC}/sys/net/ipv6/conf/*/mtu r,
> @@ -63,7 +65,7 @@
> /{,var/}run/libvirt/network/*.pid rw,
>
> # libvirt lease helper
> - /usr/lib/libvirt/libvirt_leaseshelper ix,
> + /usr/lib{,64}/libvirt/libvirt_leaseshelper ix,
> /{,var/}run/leaseshelper.pid rwk,
>
> # NetworkManager integration
>
>
> Regards,
>
> Christian Boltz
>
More information about the AppArmor
mailing list