[apparmor] [patch] dnsmasq profile - update for libvirt files
Jamie Strandboge
jamie at canonical.com
Wed Oct 30 21:06:00 UTC 2013
On 10/30/2013 01:31 PM, Jamie Strandboge wrote:
> On 10/30/2013 12:39 PM, Christian Boltz wrote:
>> Hello,
>>
>> dnsmasq needs read access to more files in /var/lib/libvirt/dnsmasq/
>> (at least *.conf and *.addnhosts)
>>
>> Since this directory contains only files that are intended for dnsmasq
>> (also confirmed by Jim Fehlig, the SUSE libvirt maintainer), the best
>> way is to just allow "/var/lib/libvirt/dnsmasq/* r,"
>>
>> References: https://bugzilla.novell.com/show_bug.cgi?id=848215
>>
>> I propose this patch for trunk and the 2.8 branch.
>>
>>
>> === modified file 'profiles/apparmor.d/usr.sbin.dnsmasq'
>> --- profiles/apparmor.d/usr.sbin.dnsmasq 2013-08-20 22:52:22
>> +++ profiles/apparmor.d/usr.sbin.dnsmasq 2013-10-30 19:33:18
>> @@ -43,10 +43,10 @@
>> @{TFTP_DIR}/ r,
>> @{TFTP_DIR}/** r,
>>
>> - # libvirt lease and hosts files for dnsmasq
>> + # libvirt config, lease and hosts files for dnsmasq
>> /var/lib/libvirt/dnsmasq/ r,
>> + /var/lib/libvirt/dnsmasq/* r,
>> /var/lib/libvirt/dnsmasq/*.leases rw,
>> - /var/lib/libvirt/dnsmasq/*.hostsfile r,
>>
>> # libvirt pid files for dnsmasq
>> /{,var/}run/libvirt/network/ r,
>>
>
> +1 for trunk and 2.8
>
Sorry, ACK
--
Jamie Strandboge http://www.ubuntu.com/
More information about the AppArmor
mailing list