[apparmor] [patch] make tftp server for dnsmasq working
John Johansen
john.johansen at canonical.com
Mon Apr 16 20:13:21 UTC 2012
On 04/14/2012 04:10 AM, Christian Boltz wrote:
> Hello,
>
> I could just commit the patch below based on the "nobody complained
> within a week" rule, but some sort of reply would be better ;-)
>
Christian, I don't have a strong opinion on this. It appears you have
addressed Steve's issue that lead him to NAK it, and since no one has
objected to changing the default value, I would say just check it in :)
> Am Samstag, 7. April 2012 schrieb Christian Boltz:
>> Am Freitag, 6. April 2012 schrieb Steve Beattie:
>>> On Fri, Apr 06, 2012 at 03:21:39PM +0200, Christian Boltz wrote:
>>>> If tftp server for dnsmasq is configured it won't serve the boot
>>>> file. This patch adds read permissions for /srv/tftpboot/
>>>>
>>>> References: https://bugzilla.novell.com/show_bug.cgi?id=738905
>>>>
>>>> I propose this patch for trunk and the 2.7 branch.
>>>
>>> NACK, that's what the @{TFTP_DIR} variable definition at the top of
>>> the profile is for.
>>
>> Good catch - I overlooked this variable.
>>
>>> (We can argue about what the default setting for that variable ought
>>> to be...)
>>
>> I'll try to argue with an updated patch ;-) and still propose it for
>> trunk and the 2.7 branch.
>>
>> === modified file 'profiles/apparmor.d/usr.sbin.dnsmasq'
>> --- profiles/apparmor.d/usr.sbin.dnsmasq
>> +++ profiles/apparmor.d/usr.sbin.dnsmasq
>> @@ -9,7 +9,7 @@
>> #
>> # ------------------------------------------------------------------
>>
>> -@{TFTP_DIR}=/var/tftp
>> +@{TFTP_DIR}=/var/tftp /srv/tftpboot
>>
>> #include <tunables/global>
>> /usr/sbin/dnsmasq {
>
>
> Regards,
>
> Christian Boltz
More information about the AppArmor
mailing list