[apparmor] dnsmasq profile - backport to 2.7?
Christian Boltz
apparmor at cboltz.de
Mon Jan 9 13:24:55 UTC 2012
Hello,
I compared the profiles in trunk and the 2.7 branch.
There are not too many differences left:
- the (intended) small difference that 2.7 allows /.htaccess for
httpd-prefork
- a patch in the dnsmasq profile (see below), which should be backported
to 2.7 IMHO
- oh, and my smbd / smbldap-useradd patch is still pending...
Feedback welcome ;-)
diff -u -p -r 2.7-branch/profiles/apparmor.d/usr.sbin.dnsmasq HEAD-CLEAN/profiles/apparmor.d/usr.sbin.dnsmasq
--- 2.7-branch/profiles/apparmor.d/usr.sbin.dnsmasq 2011-12-21 19:03:34.000000000 +0100
+++ HEAD-CLEAN/profiles/apparmor.d/usr.sbin.dnsmasq 2011-12-29 01:57:46.000000000 +0100
@@ -9,6 +9,8 @@
#
# ------------------------------------------------------------------
+@{TFTP_DIR}=/var/tftp
+
#include <tunables/global>
/usr/sbin/dnsmasq {
#include <abstractions/base>
@@ -36,6 +38,10 @@
/var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
+ # for the read-only TFTP server
+ @{TFTP_DIR}/ r,
+ @{TFTP_DIR}/** r,
+
# libvirt lease and hosts files for dnsmasq
/var/lib/libvirt/dnsmasq/ r,
/var/lib/libvirt/dnsmasq/*.leases rw,
Regards,
Christian Boltz
--
Wenn Windows2000 die Antwort sein soll, wie bescheuert muss bloss die
Frage gewesen sein!!!!
More information about the AppArmor
mailing list