[apparmor] [PATCH profile 1/1] dnsmasq: Adjust pattern for log files to comply SELinux
Petr Vorel
pvorel at suse.cz
Wed Nov 7 19:35:21 UTC 2018
Commit 025c7dc6 ("dnsmasq: Add permission to open log files") added
pattern, which is not compatible with SELinux. As this pattern has been
in SELinux since 2011 IMHO it's better to adjust our profile.
Signed-off-by: Petr Vorel <pvorel at suse.cz>
---
Hi,
I'm sorry I didn't check that properly before.
BTW I'm going to propose our LXC and NetworkManager fixes to SELinux.
Some projects suffer from AppArmor and SELinux profile incompatibility.
Kind regards,
Petr
---
profiles/apparmor.d/usr.sbin.dnsmasq | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
index f2e6847d..4a882720 100644
--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -45,7 +45,7 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
/usr/{bin,sbin}/dnsmasq mr,
- /var/log/*dnsmasq.log w,
+ /var/log/dnsmasq.* w,
/usr/share/dnsmasq/ r,
/usr/share/dnsmasq/* r,
--
2.19.1
More information about the AppArmor
mailing list