[apparmor] [PATCH] update nameservice abstraction for networkd
Christian Boltz
apparmor at cboltz.de
Tue Jan 5 22:55:00 UTC 2016
Hello,
Am Dienstag, 5. Januar 2016 schrieb Jamie Strandboge:
> 0001-fix-nameservice-abstraction-for-networkd.patch
> allow read on /run/systemd/resolve/resolv.conf for systems using
> networkd (LP: #1529074)
>
> Signed-Off-By: Jamie Strandboge <jamie at canonical.com>
>
> Index: apparmor-2.10/profiles/apparmor.d/abstractions/nameservice
> ===================================================================
> --- apparmor-2.10.orig/profiles/apparmor.d/abstractions/nameservice
> +++ apparmor-2.10/profiles/apparmor.d/abstractions/nameservice
> @@ -38,6 +38,9 @@
>
> # /etc/resolvconf/run/resolv.conf
> /{,var/}run/resolvconf/resolv.conf r,
> /etc/resolvconf/run/resolv.conf r,
> + # on systems using systemd's networkd, /etc/resolv.conf is a symlink to
> + # /run/systemd/resolve/resolv.conf
> + /{,var/}run/systemd/resolve/resolv.conf r,
I'd wrap the comment slightly different to get shorter lines:
+ # on systems using systemd's networkd, /etc/resolv.conf is a
+ # symlink to /run/systemd/resolve/resolv.conf
(but that's just to avoid quoting linebreak fun in KMail ;-)
With or without that changed,
Acked-by: Christian Boltz <apparmor at cboltz.de>
(also for 2.10 and 2.9 if you think it's needed there)
Regards,
Christian Boltz
--
The former solution seems to be a lot of "monkey work", [...]
I don't think it would be viable on a long term approach. We
better succeed in the latter approach.. or buy lot of banana :)
[Rémy Marquis in opensuse-wiki]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160105/01783c0f/attachment.pgp>
More information about the AppArmor
mailing list