[apparmor] [PATCH] profiles: Add attach_disconnected flag to dnsmasq profile
Christian Boltz
apparmor at cboltz.de
Tue Apr 12 21:33:51 UTC 2016
Hello,
Am Dienstag, 12. April 2016, 16:27:32 CEST schrieb Tyler Hicks:
> https://launchpad.net/bugs/1569316
>
> When Ubuntu made the jump from network-manager 1.0.4 to 1.1.93, the
> dnsmasq process spawned from network-manager started hitting a
> disconnected path denial:
>
> audit: type=1400 audit(1460463960.943:31702): apparmor="ALLOWED"
> operation="connect" info="Failed name lookup - disconnected path"
> error=-13 profile="/usr/sbin/dnsmasq"
> name="run/dbus/system_bus_socket" pid=3448 comm="dnsmasq"
> requested_mask="wr" denied_mask="wr" fsuid=65534 ouid=0
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> ---
> profiles/apparmor.d/usr.sbin.dnsmasq | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq
> b/profiles/apparmor.d/usr.sbin.dnsmasq index f7834e9..34e16cc 100644
> --- a/profiles/apparmor.d/usr.sbin.dnsmasq
> +++ b/profiles/apparmor.d/usr.sbin.dnsmasq
> @@ -12,7 +12,7 @@
> @{TFTP_DIR}=/var/tftp /srv/tftpboot
>
> #include <tunables/global>
> -/usr/sbin/dnsmasq {
> +/usr/sbin/dnsmasq flags=(attach_disconnected) {
> #include <abstractions/base>
> #include <abstractions/dbus>
> #include <abstractions/nameservice>
Acked-by: Christian Boltz <apparmor at cboltz.de> for trunk, 2.10 and 2.9
Regards,
Christian Boltz
--
> Hat jemand eine derartige Konstellation und kann mir kurz den Kopp
> auf die Tischplatte haun ? ;-)
*autsch* Tut das nicht weh?
[> Oli Weiss und Christian Boltz in suse-linux]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160412/b4b0d2ea/attachment.pgp>
More information about the AppArmor
mailing list