On 08/27/2014 04:34 PM, Jamie Strandboge wrote: > Starting a subthread for some additions to John's patches. This series assumes > John's 12 patches are applied and includes updates to the apparmor.d man page > and some policy updates. I expect I might have to adjust this a bit, but > wanted > to send it up for comment. Let's have an ACK mean to apply it once it is safe > to > do so. > avahi uses the less common SOCK_DGRAM type instead of SOCK_RAW with netlink, so add rule for that.
-- Jamie Strandboge http://www.ubuntu.com/
Author: Jamie Strandboge <[email protected]> Description: update avahi-daemon for fine-grained netlink mediation Forwarded: no Index: apparmor-2.8.96~2541/profiles/apparmor.d/usr.sbin.avahi-daemon =================================================================== --- apparmor-2.8.96~2541.orig/profiles/apparmor.d/usr.sbin.avahi-daemon +++ apparmor-2.8.96~2541/profiles/apparmor.d/usr.sbin.avahi-daemon @@ -12,6 +12,8 @@ capability setgid, capability sys_chroot, + network netlink dgram, + /etc/avahi/ r, /etc/avahi/avahi-daemon.conf r, /etc/avahi/hosts r,
signature.asc
Description: OpenPGP digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
