[Maas-devel] dhcpd apparmor setup
Jeroen Vermeulen
jtv at canonical.com
Wed Sep 12 01:56:00 UTC 2012
On 2012-09-11 22:06, Scott Moser wrote:
> I just spoke with jdstrand in #ubuntu-server on this, and he suggested we
> should SRU a change to isc-dhcp-server to have
> '#include <isc-dhcpd.d>' in its /etc/apparmor.d/usr.sbin.dhcpd and create
> that directory on installation.
That'd be great. But we need it fast, and in both Precise and Quantal!
It's blocking our ability to restrict dhcpd to the right interfaces.
Having this task stuck in mid-execution for so long is not good.
>> Does that sound about right? We'll need to have an installed snippet that
>> grants these permissions, presumably in /etc/maas somewhere. Scott, would it
>> be possible for you to provide the snippet, have it installed, and patch the
>> local apparmor profile to #include the snippet? I already have an upstart
>> script and I can make the python-side changes to run a customized dhcpd
>> instance.
>
> snippet?
Yes, the file that in your terms would be <isc-dhcpd.d/maas>. Once we
have this all done on the packaging side, I can make the required
changes to trunk. I also have a custom upstart script ready.
Jeroen
More information about the Maas-devel
mailing list