[apparmor] [PATCH profile 1/2] dnsmasq: Adjust pattern for log files to comply SELinux
Petr Vorel
pvorel at suse.cz
Fri Dec 7 10:17:10 UTC 2018
Hi,
> i.e. move '*' from beginning to before suffix.
> Commit 025c7dc6 ("dnsmasq: Add permission to open log files") added
> pattern, which is not compatible with SELinux. As this pattern has been
> in SELinux since 2011 (with recent change to accept '.log' suffix +
> logrotate patterns which are not relevant to AppArmor) IMHO it's better
> to adjust our profile.
> Fixes: 025c7dc6 ("dnsmasq: Add permission to open log files")
> Signed-off-by: Petr Vorel <pvorel at suse.cz>
> ---
> profiles/apparmor.d/usr.sbin.dnsmasq | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
> index fba51259..f14a370a 100644
> --- a/profiles/apparmor.d/usr.sbin.dnsmasq
> +++ b/profiles/apparmor.d/usr.sbin.dnsmasq
> @@ -45,7 +45,7 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
> /usr/{bin,sbin}/dnsmasq mr,
> - /var/log/*dnsmasq.log w,
> + /var/log/dnsmasq*.log w,
> /usr/share/dnsmasq/ r,
> /usr/share/dnsmasq/* r,
Ping, please.
Kind regards,
Petr
More information about the AppArmor
mailing list