[apparmor] [PATCH] update nameservice abstraction for system stub resolver

Seth Arnold seth.arnold at canonical.com
Fri Sep 15 19:55:32 UTC 2017


On Fri, Sep 15, 2017 at 07:58:44AM -0500, Jamie Strandboge wrote:
> 
> Subject says it all. Note, this is using /{,var/}run/... since everything else
> in the nameservice abstraction still is. I'll send a follow-up patch to remove
> all of this once and for all.
> 
> Signed-Off-By: Jamie Strandboge <jamie at canonical.com>

Acked-by: Seth Arnold <seth.arnold at canonical.com>

Thanks

> 
> -- 
> Jamie Strandboge             | http://www.canonical.com

> Author: Jamie Strandboge <jamie at canonical.com>
> Description: allow access to stub resolver configuration
> 
> Index: apparmor-2.11.0/profiles/apparmor.d/abstractions/nameservice
> ===================================================================
> --- apparmor-2.11.0.orig/profiles/apparmor.d/abstractions/nameservice
> +++ apparmor-2.11.0/profiles/apparmor.d/abstractions/nameservice
> @@ -37,6 +37,7 @@
>    # a symlink to /{,var/}run/(whatever program is managing it)/resolv.conf.
>    /{,var/}run/{resolvconf,NetworkManager,systemd/resolve,connman}/resolv.conf r,
>    /etc/resolvconf/run/resolv.conf r,
> +  /{,var/}run/systemd/resolve/stub-resolv.conf r,
>  
>    /etc/samba/lmhosts      r,
>    /etc/services           r,



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170915/54374c3d/attachment.sig>


More information about the AppArmor mailing list