[apparmor] [patch] nameservice: read permission to avahi socket
John Johansen
john.johansen at canonical.com
Tue Nov 5 23:07:13 UTC 2013
On 11/02/2013 08:15 AM, Felix Geyer wrote:
> Hi,
>
> AppArmor requires read and write permission to connect to
> unix domain sockets but the nameservice abstraction only
> grants write access to the avahi socket.
> As a result mdns name resolution fails.
>
> I propose this simple patch to add the read permission:
>
> === modified file 'profiles/apparmor.d/abstractions/nameservice'
> --- profiles/apparmor.d/abstractions/nameservice 2013-01-02 23:34:38 +0000
> +++ profiles/apparmor.d/abstractions/nameservice 2013-11-02 15:03:20 +0000
> @@ -50,7 +50,7 @@
> /etc/default/nss r,
>
> # avahi-daemon is used for mdns4 resolution
> - /{,var/}run/avahi-daemon/socket w,
> + /{,var/}run/avahi-daemon/socket rw,
>
> # nis
> #include <abstractions/nis>
>
yep this is true for saucy and on
Acked-by: John Johansen <john.johansen at canonical.com>
More information about the AppArmor
mailing list