[apparmor] [PATCH] update dnsmasq for read access to /proc/sys/kernel/cap_last_cap
Jamie Strandboge
jamie at canonical.com
Wed Oct 8 19:40:11 UTC 2014
On 10/08/2014 02:04 PM, Seth Arnold wrote:
> On Wed, Oct 08, 2014 at 01:24:50PM -0500, Jamie Strandboge wrote:
>>
>> --
>> Jamie Strandboge http://www.ubuntu.com/
>
>> Description: update dnsmasq for read access to /proc/sys/kernel/cap_last_cap
>> Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1378977
>>
>> Acked-By: Jamie Strandboge <jamie at canonical.com>
>
> This has the feeling of something that's unlikely to be spceial to
> dnsmasq; it'd be lovely to know which API it's using that does this so we
> can better figure an abstraction to put it with. (base comes to mind, but
> perhaps that's just further abuse of poor old base.)
>
I don't know what started using it. I didn't see any other policy requiring it
so I filed it against dnsmasq. That said, I found:
http://lkml.iu.edu/hypermail/linux/kernel/1110.1/02980.html
"Userspace needs to know the highest valid capability of the running
kernel, which right now cannot reliably be retrieved from the header
files only. The fact that this value cannot be determined properly
right now creates various problems for libraries compiled on newer
header files which are run on older kernels. They assume
capabilities are available which actually aren't.
Now the capability is exported in /proc/sys/kernel/cap_last_cap."
I don't think we need to investigate further, this seems appropriate for the
base abstraction. Attached is a new patch to do that.
--
Jamie Strandboge http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lp1378977_v2.patch
Type: text/x-diff
Size: 922 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20141008/ef04baf2/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20141008/ef04baf2/attachment.pgp>
More information about the AppArmor
mailing list