[apparmor] [patch] dnsmasq profile: more lxd additions
Christian Boltz
apparmor at cboltz.de
Thu Oct 20 20:31:18 UTC 2016
Hello,
$subject.
Besides dnsmasq.leases, dnsmasq.pid needs to be written. Also read
access for some files is needed (currently dnsmasq.raw and
dnsmasq.hosts - using dnsmasq.* makes this more future-proof when
more files get added)
References: https://bugs.launchpad.net/apparmor/+bug/1634199 (again)
[ profiles-dnsmasq.diff ]
=== modified file 'profiles/apparmor.d/usr.sbin.dnsmasq'
--- profiles/apparmor.d/usr.sbin.dnsmasq 2016-10-18 11:22:53 +0000
+++ profiles/apparmor.d/usr.sbin.dnsmasq 2016-10-20 20:20:22 +0000
@@ -77,7 +77,9 @@
# lxd-bridge pid and lease files
/{,var/}run/lxd-bridge/dnsmasq.pid rw,
/var/lib/lxd-bridge/dnsmasq.*.leases rw,
+ /var/lib/lxd/networks/*/dnsmasq.* r,
/var/lib/lxd/networks/*/dnsmasq.leases rw,
+ /var/lib/lxd/networks/*/dnsmasq.pid rw,
# NetworkManager integration
/{,var/}run/nm-dns-dnsmasq.conf r,
Regards,
Christian Boltz
--
Werbung lügt, Corporate Design sagt die Wahrheit. Naja,
alle _guten_ Komponenten der Wahrheit. :-) [Ratti]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161020/b3ea53f6/attachment.pgp>
More information about the AppArmor
mailing list