[Bug 1796189] Re: apparmor DENIED errors
Andreas Hasenack
andreas at canonical.com
Mon Nov 19 17:58:44 UTC 2018
Brief irc conversation about these changes, from https://irclogs.ubuntu.com/2018/10/04/%23ubuntu-devel.html#t18:22:
out 04 15:22:27 <ahasenack> infinity: apply this to /etc/apparmor.d/usr.sbin.squid: https://pastebin.ubuntu.com/p/R6Z84ZdsfP/
out 04 15:22:41 <ahasenack> then issue sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.squid
out 04 15:22:52 <ahasenack> jdstrand: looks ok? ^
(...)
out 04 15:27:28 <jdstrand> ahasenack: lgtm
out 04 15:27:33 <ahasenack> jdstrand: thx
Mentioned pastebin is:
--- etc/apparmor.d/usr.sbin.squid
+++ etc/apparmor.d/usr.sbin.squid
@@ -3,7 +3,7 @@
# vim:syntax=apparmor
#include <tunables/global>
-/usr/sbin/squid {
+/usr/sbin/squid flags=(attach_disconnected) {
#include <abstractions/base>
#include <abstractions/kerberosclient>
#include <abstractions/nameservice>
@@ -18,6 +18,7 @@
# alternatively include the <abstractions/ssl_keys> abstraction, which
# gives read access to the entire contents of /etc/ssl
+ capability net_admin,
capability net_raw,
capability setuid,
capability setgid,
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to squid in Ubuntu.
https://bugs.launchpad.net/bugs/1796189
Title:
apparmor DENIED errors
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid/+bug/1796189/+subscriptions
More information about the Ubuntu-server-bugs
mailing list