[apparmor] [patch] nameservice: read permission to avahi socket

Steve Beattie steve at nxnw.org
Sun Jan 26 20:18:48 UTC 2014


On Sun, Jan 26, 2014 at 11:07:37AM +0100, Felix Geyer wrote:
> On 06.11.2013 00:07, John Johansen wrote:
> > On 11/02/2013 08:15 AM, Felix Geyer wrote:
> >> Hi,
> >>
> >> AppArmor requires read and write permission to connect to
> >> unix domain sockets but the nameservice abstraction only
> >> grants write access to the avahi socket.
> >> As a result mdns name resolution fails.
> >>
> >> I propose this simple patch to add the read permission:
> >>
> >> === modified file 'profiles/apparmor.d/abstractions/nameservice'
> >> --- profiles/apparmor.d/abstractions/nameservice	2013-01-02 23:34:38 +0000
> >> +++ profiles/apparmor.d/abstractions/nameservice	2013-11-02 15:03:20 +0000
> >> @@ -50,7 +50,7 @@
> >>    /etc/default/nss               r,
> >>
> >>    # avahi-daemon is used for mdns4 resolution
> >> -  /{,var/}run/avahi-daemon/socket w,
> >> +  /{,var/}run/avahi-daemon/socket rw,
> >>
> >>    # nis
> >>    #include <abstractions/nis>
> >>
> > yep this is true for saucy and on
> >
> > Acked-by: John Johansen <john.johansen at canonical.com>
> 
> Ping, this hasn't been committed yet.

My apologies, I've committed this now. Thanks!

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140126/d9f539ab/attachment.pgp>


More information about the AppArmor mailing list