[apparmor] [patch] dnsmasq profile - allow to read /proc/sys/...../mtu
Seth Arnold
seth.arnold at canonical.com
Sat Sep 6 00:28:14 UTC 2014
On Sat, Sep 06, 2014 at 01:01:32AM +0200, Christian Boltz wrote:
> Hello,
>
> I received the following patch from Jim Fehlig:
>
> References:
> https://bugzilla.novell.com/show_bug.cgi?id=892374 (non-public)
> https://build.opensuse.org/request/show/247613
> https://build.opensuse.org/request/show/247625
>
> Note: with the current directory layout, ..../conf/*/mtu would be
> enough, but Jim proposes ** to make it future-proof (see the discussion
> on https://build.opensuse.org/request/show/247613 )
>
> Opinions on * vs. **?
I prefer *. If it changes we can adapt.
>
> I also propose this patch for the 2.8 branch.
Acked-by: Seth Arnold <seth.arnold at canonical.com>
for both trunk and 2.8
Thanks
>
>
>
>
> Allow dnsmasq read access to IPv6 config
>
> The IPv6 Neighbor Discovery protocol (RFC 2461) suggests
> implementations provide MTU in Router Advertisement (RA)
> messages. From section 4.2
>
> MTU SHOULD be sent on links that have a variable MTU
> (as specified in the document that describes how to
> run IP over the particular link type). MAY be sent
> on other links.
>
> dnsmasq supports this option and should have read access
> to an interface's MTU.
>
>
> Index: apparmor-2.8.3/profiles/apparmor.d/usr.sbin.dnsmasq
> ===================================================================
> --- apparmor-2.8.3.orig/profiles/apparmor.d/usr.sbin.dnsmasq
> +++ apparmor-2.8.3/profiles/apparmor.d/usr.sbin.dnsmasq
> @@ -38,6 +38,10 @@
>
> /var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server
> usage
>
> + # access to iface mtu needed for Router Advertisement messages in
> IPv6
> + # Neighbor Discovery protocol (RFC 2461)
> + @{PROC}/sys/net/ipv6/conf/**/mtu r,
> +
> # for the read-only TFTP server
> @{TFTP_DIR}/ r,
> @{TFTP_DIR}/** r,
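Review bot: The added rule @{PROC}/sys/net/ipv6/conf/**/mtu r, uses ** where the comment above it only asks for the interface MTU, and the cover note says conf/*/mtu is enough with the current directory layout. Suggest the narrower @{PROC}/sys/net/ipv6/conf/*/mtu r, so the profile grants read on one path component below conf/ and nothing deeper. If the layout changes later the rule can be widened then. If ** is kept, the comment should say it is deliberate future-proofing so a later reader does not take it for an oversight.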
>
>
>
>
>
> Regards,
>
> Christian Boltz
> --
> I have to trust my government, even if I don't.
> [Carlos E. R. in opensuse-factory]
>
>
>
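The * vs. ** question above, as an added example that is not part of the original thread or of the AppArmor code base: a simplified model of AppArmor path globbing that lists which paths the broader rule allows and the narrower one does not. It assumes @{PROC} expands to /proc and handles only *, ** and literal characters; the sample paths are constructed, and the nested one is a hypothetical future layout.

```python
import re

def aa_glob_to_regex(rule_path, proc="/proc"):
    """Translate an AppArmor-style path glob to a regex (simplified model)."""
    path = rule_path.replace("@{PROC}", proc)  # assumption: @{PROC} is /proc
    out, i = [], 0
    while i < len(path):
        if path[i] != "*":
            out.append(re.escape(path[i]))
            i += 1
            continue
        end = i + 2 if path.startswith("**", i) else i + 1
        # A glob that is a whole path component must match at least one char.
        whole = path[i - 1:i] == "/" and (end == len(path) or path[end] == "/")
        if end - i == 2:   # '**' may cross '/'
            out.append(r"[^/\x00][^\x00]*" if whole else r"[^\x00]*")
        else:              # '*' stays inside one path component
            out.append(r"[^/\x00]+" if whole else r"[^/\x00]*")
        i = end
    return re.compile("".join(out))

def allowed(rule_path, path):
    """True if the rule's glob matches the whole path."""
    return aa_glob_to_regex(rule_path).fullmatch(path) is not None

def extra_access(narrow, broad, paths):
    """Paths the broad rule allows that the narrow rule does not."""
    return [p for p in paths if allowed(broad, p) and not allowed(narrow, p)]

NARROW = "@{PROC}/sys/net/ipv6/conf/*/mtu"
BROAD = "@{PROC}/sys/net/ipv6/conf/**/mtu"

# Constructed sample paths; the nested one is a hypothetical future layout.
SAMPLE_PATHS = [
    "/proc/sys/net/ipv6/conf/eth0/mtu",
    "/proc/sys/net/ipv6/conf/all/mtu",
    "/proc/sys/net/ipv6/conf/eth0/sub/mtu",
    "/proc/sys/net/ipv6/conf/eth0/forwarding",
    "/proc/sys/net/ipv6/conf/mtu",
    "/proc/sys/net/ipv4/conf/eth0/mtu",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{p:42} *={allowed(NARROW, p)!s:5} **={allowed(BROAD, p)}")
    print("only allowed by **:", extra_access(NARROW, BROAD, SAMPLE_PATHS))
```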