[apparmor] [patch] nameservice: read permission to avahi socket

Sat Nov 2 15:15:41 UTC 2013

Hi,

AppArmor requires read and write permission to connect to
unix domain sockets but the nameservice abstraction only
grants write access to the avahi socket.
As a result mdns name resolution fails.

I propose this simple patch to add the read permission:

=== modified file 'profiles/apparmor.d/abstractions/nameservice'

--- profiles/apparmor.d/abstractions/nameservice	2013-01-02 23:34:38 +0000
+++ profiles/apparmor.d/abstractions/nameservice	2013-11-02 15:03:20 +0000
@@ -50,7 +50,7 @@
   /etc/default/nss               r,

   # avahi-daemon is used for mdns4 resolution
-  /{,var/}run/avahi-daemon/socket w,
+  /{,var/}run/avahi-daemon/socket rw,

   # nis
   #include <abstractions/nis>

Regards,
Felix

