[apparmor] [patch] make tftp server for dnsmasq working
Christian Boltz
apparmor at cboltz.de
Sat Apr 14 11:10:50 UTC 2012
Hello,
I could just commit the patch below based on the "nobody complained
within a week" rule, but some sort of reply would be better ;-)
Am Samstag, 7. April 2012 schrieb Christian Boltz:
> Am Freitag, 6. April 2012 schrieb Steve Beattie:
> > On Fri, Apr 06, 2012 at 03:21:39PM +0200, Christian Boltz wrote:
> > > If tftp server for dnsmasq is configured it won't serve the boot
> > > file. This patch adds read permissions for /srv/tftpboot/
> > >
> > > References: https://bugzilla.novell.com/show_bug.cgi?id=738905
> > >
> > > I propose this patch for trunk and the 2.7 branch.
> >
> > NACK, that's what the @{TFTP_DIR} variable definition at the top of
> > the profile is for.
>
> Good catch - I overlooked this variable.
>
> > (We can argue about what the default setting for that variable ought
> > to be...)
>
> I'll try to argue with an updated patch ;-) and still propose it for
> trunk and the 2.7 branch.
>
> === modified file 'profiles/apparmor.d/usr.sbin.dnsmasq'
> --- profiles/apparmor.d/usr.sbin.dnsmasq
> +++ profiles/apparmor.d/usr.sbin.dnsmasq
> @@ -9,7 +9,7 @@
> #
> # ------------------------------------------------------------------
>
> -@{TFTP_DIR}=/var/tftp
> +@{TFTP_DIR}=/var/tftp /srv/tftpboot
>
> #include <tunables/global>
> /usr/sbin/dnsmasq {
Regards,
Christian Boltz
--
Vielleicht hat aber auch nur dein Computer so etwas wie eine eigene
Intelligenz entwickelt, so als eine Art Überlebensstrategie. Mach mal
weiter, vielleicht kommst du ja noch ganz groß raus als unfreiwilliger
Erfinder des ersten völlig selbständig kognitiven Computers.
[Matthias Houdek in suse-linux]
More information about the AppArmor
mailing list