[apparmor] [PATCH] update nameservice abstraction for networkd

Christian Boltz apparmor at cboltz.de
Tue Jan 5 22:55:00 UTC 2016


Hello,

Am Dienstag, 5. Januar 2016 schrieb Jamie Strandboge:
>  0001-fix-nameservice-abstraction-for-networkd.patch

> allow read on /run/systemd/resolve/resolv.conf for systems using
> networkd (LP: #1529074)
> 
> Signed-Off-By: Jamie Strandboge <jamie at canonical.com>
> 
> Index: apparmor-2.10/profiles/apparmor.d/abstractions/nameservice
> ===================================================================
> --- apparmor-2.10.orig/profiles/apparmor.d/abstractions/nameservice
> +++ apparmor-2.10/profiles/apparmor.d/abstractions/nameservice
> @@ -38,6 +38,9 @@
> 
>    # /etc/resolvconf/run/resolv.conf
>    /{,var/}run/resolvconf/resolv.conf r,
>    /etc/resolvconf/run/resolv.conf r,
> +  # on systems using systemd's networkd, /etc/resolv.conf is a symlink to
> +  # /run/systemd/resolve/resolv.conf
> +  /{,var/}run/systemd/resolve/resolv.conf r,

I'd wrap the comment slightly different to get shorter lines:

+  # on systems using systemd's networkd, /etc/resolv.conf is a
+  # symlink to /run/systemd/resolve/resolv.conf

(but that's just to avoid quoting linebreak fun in KMail ;-)

With or without that changed,
    Acked-by: Christian Boltz <apparmor at cboltz.de>
    (also for 2.10 and 2.9 if you think it's needed there)


Regards,

Christian Boltz
-- 
The former solution seems to be a lot of "monkey work", [...]
I don't think it would be viable on a long term approach. We
better succeed in the latter approach.. or buy lot of banana :)
[Rémy Marquis in opensuse-wiki]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160105/01783c0f/attachment.pgp>


More information about the AppArmor mailing list