[apparmor] [patch] dnsmasq profile - update for libvirt files
Jamie Strandboge
jamie at canonical.com
Wed Oct 30 20:31:59 UTC 2013
On 10/30/2013 12:39 PM, Christian Boltz wrote:
> Hello,
>
> dnsmasq needs read access to more files in /var/lib/libvirt/dnsmasq/
> (at least *.conf and *.addnhosts)
>
> Since this directory contains only files that are intended for dnsmasq
> (also confirmed by Jim Fehlig, the SUSE libvirt maintainer), the best
> way is to just allow "/var/lib/libvirt/dnsmasq/* r,"
>
> References: https://bugzilla.novell.com/show_bug.cgi?id=848215
>
> I propose this patch for trunk and the 2.8 branch.
>
>
> === modified file 'profiles/apparmor.d/usr.sbin.dnsmasq'
> --- profiles/apparmor.d/usr.sbin.dnsmasq 2013-08-20 22:52:22
> +++ profiles/apparmor.d/usr.sbin.dnsmasq 2013-10-30 19:33:18
> @@ -43,10 +43,10 @@
> @{TFTP_DIR}/ r,
> @{TFTP_DIR}/** r,
>
> - # libvirt lease and hosts files for dnsmasq
> + # libvirt config, lease and hosts files for dnsmasq
> /var/lib/libvirt/dnsmasq/ r,
> + /var/lib/libvirt/dnsmasq/* r,
> /var/lib/libvirt/dnsmasq/*.leases rw,
> - /var/lib/libvirt/dnsmasq/*.hostsfile r,
>
> # libvirt pid files for dnsmasq
> /{,var/}run/libvirt/network/ r,
>
+1 for trunk and 2.8
--
Jamie Strandboge http://www.ubuntu.com/
More information about the AppArmor
mailing list