[apparmor] [PATCH] 3/3 dnsmasq should also allow /bin/dash
Seth Arnold
seth.arnold at canonical.com
Fri Jul 24 19:50:28 UTC 2015
On Fri, Jul 24, 2015 at 12:41:30PM -0500, Jamie Strandboge wrote:
> profiles/apparmor.d/usr.sbin.dnsmasq: allow /bin/dash in addition to /bin/bash
>
> Signed-off-by: Jamie Strandboge <jamie at canonical.com>
It might also make sense to pre-emptively add /bin/sh, too; probably some
distribution uses a /bin/sh that's not a symlink to something else.
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Acked for both 2.9 and trunk.
Thanks
> ------------------------------------------------------------
> revno: 3211
> committer: Jamie Strandboge <jamie at ubuntu.com>
> branch nick: apparmor.wily-profile-updates
> timestamp: Fri 2015-07-24 12:32:21 -0500
> message:
> profiles/apparmor.d/usr.sbin.dnsmasq: allow /bin/dash in addition to /bin/bash
>
> Signed-off-by: Jamie Strandboge <jamie at canonical.com>
> diff:
> === modified file 'profiles/apparmor.d/usr.sbin.dnsmasq'
> --- profiles/apparmor.d/usr.sbin.dnsmasq 2015-03-30 03:49:09 +0000
> +++ profiles/apparmor.d/usr.sbin.dnsmasq 2015-07-24 17:32:21 +0000
> @@ -45,7 +45,7 @@
>
> /var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
>
> - /bin/bash ix, # Required to execute --dhcp-script argument
> + /bin/{b,d}ash ix, # Required to execute --dhcp-script argument
>
> # access to iface mtu needed for Router Advertisement messages in IPv6
> # Neighbor Discovery protocol (RFC 2461)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150724/8bb93657/attachment-0001.pgp>
More information about the AppArmor
mailing list