On 10/30/2013 01:31 PM, Jamie Strandboge wrote: > On 10/30/2013 12:39 PM, Christian Boltz wrote: >> Hello, >> >> dnsmasq needs read access to more files in /var/lib/libvirt/dnsmasq/ >> (at least *.conf and *.addnhosts) >> >> Since this directory contains only files that are intended for dnsmasq >> (also confirmed by Jim Fehlig, the SUSE libvirt maintainer), the best >> way is to just allow "/var/lib/libvirt/dnsmasq/* r," >> >> References: https://bugzilla.novell.com/show_bug.cgi?id=848215 >> >> I propose this patch for trunk and the 2.8 branch. >> >> >> === modified file 'profiles/apparmor.d/usr.sbin.dnsmasq' >> >> >> --- profiles/apparmor.d/usr.sbin.dnsmasq 2013-08-20 22:52:22 >> +++ profiles/apparmor.d/usr.sbin.dnsmasq 2013-10-30 19:33:18 >> @@ -43,10 +43,10 @@ >> @{TFTP_DIR}/ r, >> @{TFTP_DIR}/** r, >> >> - # libvirt lease and hosts files for dnsmasq >> + # libvirt config, lease and hosts files for dnsmasq >> /var/lib/libvirt/dnsmasq/ r, >> + /var/lib/libvirt/dnsmasq/* r, >> /var/lib/libvirt/dnsmasq/*.leases rw, >> - /var/lib/libvirt/dnsmasq/*.hostsfile r, >> >> # libvirt pid files for dnsmasq >> /{,var/}run/libvirt/network/ r, >> > > +1 for trunk and 2.8 > Sorry, ACK
-- Jamie Strandboge http://www.ubuntu.com/ -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
