[apparmor] dnsmasq[60146]: unknown user or group: dnsmasq
John Johansen
john.johansen at canonical.com
Mon Apr 14 17:59:29 UTC 2025
On 4/1/25 23:39, Sam Pinkus wrote:
> Hi,
>
> I'm rrying to create an apparmor profile for dnsmasq. Even in complain mode dnsmasq daemon won't start with:
>
> > dnsmasq[60146]: unknown user or group: dnsmasq
>
> Presuming it's something to do with dnsmasq switching users to dnsmasq. But how to account for this in the profile? And why is this happening even in complain mode?
>
so my guess is it is to do with namespacing. If this is correct you should see denied messages with info="Failed name lookup - disconnected path"
you can get around this atm by specifying flags=(attach_disconnected) for the profile.
eg.
profile example /usr/bin/example flags=(attach_disconnected) {
...
}
More information about the AppArmor
mailing list