[apparmor] [patch] dnsmasq profile - update for libvirt files
Christian Boltz
apparmor at cboltz.de
Wed Oct 30 19:39:16 UTC 2013
Hello,

dnsmasq needs read access to more files in /var/lib/libvirt/dnsmasq/
(at least *.conf and *.addnhosts)

Since this directory contains only files that are intended for dnsmasq
(also confirmed by Jim Fehlig, the SUSE libvirt maintainer), the best
way is to just allow "/var/lib/libvirt/dnsmasq/* r,"

References: https://bugzilla.novell.com/show_bug.cgi?id=848215

I propose this patch for trunk and the 2.8 branch.

=== modified file 'profiles/apparmor.d/usr.sbin.dnsmasq'
--- profiles/apparmor.d/usr.sbin.dnsmasq 2013-08-20 22:52:22
+++ profiles/apparmor.d/usr.sbin.dnsmasq 2013-10-30 19:33:18
@@ -43,10 +43,10 @@
@{TFTP_DIR}/ r,
@{TFTP_DIR}/** r,
- # libvirt lease and hosts files for dnsmasq
+ # libvirt config, lease and hosts files for dnsmasq
/var/lib/libvirt/dnsmasq/ r,
+ /var/lib/libvirt/dnsmasq/* r,
/var/lib/libvirt/dnsmasq/*.leases rw,
- /var/lib/libvirt/dnsmasq/*.hostsfile r,
# libvirt pid files for dnsmasq
/{,var/}run/libvirt/network/ r,
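
Review bot: The comment above the new "/var/lib/libvirt/dnsmasq/* r," line ("libvirt config, lease and hosts files for dnsmasq") understates what the rule grants, which is read access to every file directly in that directory, whatever its suffix. I would reword the comment to say that all files in the directory are readable because the directory is reserved for dnsmasq, so anyone who later places other data there knows the profile exposes it. The retained "/var/lib/libvirt/dnsmasq/*.leases rw," line is still needed and still effective: permissions from matching rules accumulate, so lease files get write in addition to the read from the wildcard. Since "*" does not match "/", subdirectories stay uncovered, which seems the right default here.
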
Regards,
Christian Boltz
--
The Borg are simply an allegory for M$: big, great and full of
endless featuritis - but when things get serious, they die of a
protection fault. [Andreas Pohlke in drsst]