[apparmor] [patch] dnsmasq profile update
Christian Boltz
apparmor at cboltz.de
Fri Sep 18 17:15:37 UTC 2015
Hello,
Am Mittwoch, 16. September 2015 schrieb Seth Arnold:
> On Wed, Sep 16, 2015 at 02:18:32PM +0200, Christian Boltz wrote:
> > this patch is based on a SLE12 patch to allow executing the
> > --dhcp-script. We already have most parts of that patch since r2841,
> > except:
> > - the SLE bugreport indicates that /bin/sh is executed (which is
> > usually>
> > a symlink to /bin/bash or /bin/dash), so we should also allow
> > /bin/sh
> >
> > - /dev/tty rw - the SLE bug doesn't explain why it's needed, but
> > from
> >
> > looking at (link taken from the bugreport)
> > http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=src/lease.
> > c;h=8adb60588671324d9ddf00d7dab40474d40d4393;hb=HEAD#l45 I'd guess
> > that fscanf() (line 70) should explain it.
> >
> > References: https://bugzilla.opensuse.org/show_bug.cgi?id=940749
> > (non-public)
> I don't like the /dev/tty; that deserves more investigation. The
> fscanf() on 70 is reading a file specified in a configuration option,
> so that's not likely to be it.
I asked in the bugreport and will send the /dev/tty patch again if
someone gives me a good reason to do that. Otherwise, well, it's just
SLE and I "randomly" found that patch [1], so... ;-)
> The /bin/sh change is fine though, that bit can go into trunk and 2.9.
>
> Acked-by: Seth Arnold <seth.arnold at canonicalc.com>
Thanks, commited.
Regards,
Christian Boltz
[1] compare that with "someone submitted that patch" ;-)
--
> [...] is currently down due to a failure in the NAS system.
> [...]
> your NAS (network attached storage)
Oh. I thought it stood for Networked Adrian Schröter :D
[> Adrian Schröter and Jean Delvare in opensuse-buildservice]
More information about the AppArmor
mailing list