[apparmor] [patch] nameservice: read permission to avahi socket
Felix Geyer
debfx at ubuntu.com
Sun Jan 26 10:07:37 UTC 2014
On 06.11.2013 00:07, John Johansen wrote:
> On 11/02/2013 08:15 AM, Felix Geyer wrote:
>> Hi,
>>
>> AppArmor requires read and write permission to connect to
>> unix domain sockets but the nameservice abstraction only
>> grants write access to the avahi socket.
>> As a result mdns name resolution fails.
>>
>> I propose this simple patch to add the read permission:
>>
>> === modified file 'profiles/apparmor.d/abstractions/nameservice'
>> --- profiles/apparmor.d/abstractions/nameservice 2013-01-02 23:34:38 +0000
>> +++ profiles/apparmor.d/abstractions/nameservice 2013-11-02 15:03:20 +0000
>> @@ -50,7 +50,7 @@
>> /etc/default/nss r,
>>
>> # avahi-daemon is used for mdns4 resolution
>> - /{,var/}run/avahi-daemon/socket w,
>> + /{,var/}run/avahi-daemon/socket rw,
>>
>> # nis
>> #include <abstractions/nis>
>>
> yep this is true for saucy and on
>
> Acked-by: John Johansen <john.johansen at canonical.com>
Ping, this hasn't been committed yet.
Cheers,
Felix
More information about the AppArmor
mailing list