[apparmor] [patch] fix dnsmasq profile to allow executing bash and allow lib64 libvirt_leaseshelper script
Christian Boltz
apparmor at cboltz.de
Mon Dec 22 13:06:10 UTC 2014
Hello,
this patch fixes the dnsmasq profile to allow executing bash to run the
--dhcp-script argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get
libvirt leasehelper script to run even on x86_64.
References: https://bugzilla.opensuse.org/show_bug.cgi?id=911001
Patch by "Cédric Bosdonnat" <cbosdonnat at suse.com>
Note: the original patch used {lib,lib64} - I changed it to lib{,64}
to match the style we typically use.
I propose this patch for trunk and 2.9.
[ dnsmasq-profile-fixes.patch ]
Index: apparmor-2.9.0/profiles/apparmor.d/usr.sbin.dnsmasq
===================================================================
--- apparmor-2.9.0.orig/profiles/apparmor.d/usr.sbin.dnsmasq
+++ apparmor-2.9.0/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -44,6 +44,8 @@
/var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
+ /bin/bash ix, # Required to execute --dhcp-script argument
+
# access to iface mtu needed for Router Advertisement messages in IPv6
# Neighbor Discovery protocol (RFC 2461)
@{PROC}/sys/net/ipv6/conf/*/mtu r,
@@ -63,7 +65,7 @@
/{,var/}run/libvirt/network/*.pid rw,
# libvirt lease helper
- /usr/lib/libvirt/libvirt_leaseshelper ix,
+ /usr/lib{,64}/libvirt/libvirt_leaseshelper ix,
/{,var/}run/leaseshelper.pid rwk,
# NetworkManager integration
Regards,
Christian Boltz
--
Ich habe da eine Theorie: Betriebssysteme melden Fehler und wollen,
dass sie behoben werden. Bei Systemen wie Windows 9x sind die Fehler
wesentlicher Bestandteil und kein Grund, sich Sorgen zu machen.
[Steffen Lauterkorn in suse-linux]
More information about the AppArmor
mailing list