[apparmor] [PATCH profile 1/1] dnsmasq: Add permission to open log files
Petr Vorel
pvorel at suse.cz
Mon Oct 8 14:44:01 UTC 2018
--log-facility option needs to have permission to open files.
Use '*' to allow using more files (for using more dnsmasq instances).
Signed-off-by: Petr Vorel <pvorel at suse.cz>
---
profiles/apparmor.d/usr.sbin.dnsmasq | 2 ++
1 file changed, 2 insertions(+)
diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
index 2b4b1bfc..f2e6847d 100644
--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -45,6 +45,8 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
/usr/{bin,sbin}/dnsmasq mr,
+ /var/log/*dnsmasq.log w,
+
/usr/share/dnsmasq/ r,
/usr/share/dnsmasq/* r,
--
2.19.0
More information about the AppArmor
mailing list