On Sun, Sep 06, 2015 at 01:32:06PM +0200, Christian Boltz wrote:
> Hello,
>
> On Saturday, 15 August 2015, Christian Boltz wrote:
> > this patch adds some permissions that I need on my system:
> > - execute nm-dhcp-helper
> > - read and write /var/lib/dhcp6/dhclient.leases
> > - read /var/lib/NetworkManager/dhclient-*.conf
> > - read and write /var/lib/NetworkManager/dhclient-*.conf
> >
> > I propose this patch for trunk and 2.9.
> >
> > According to the apparmor-profiles repo, Ubuntu ships a (different?)
> > profile for dhclient and Debian thinks about including it:
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795467
> > so we should merge it and move it from extras to the default profiles
> > (but that's something for another patch ;-)
>
> Any comments or reviews?
>
> If nobody objects, I'll commit to trunk and 2.9 as Acked-by <timeout> on
> Tuesday.

Looking at what we have in the Ubuntu profile, these
changes are all fine, though the profile Ubuntu ships has
/usr/lib/NetworkManager/nm-dhcp-helper broken out into a separate
profile (Px transition rather than ix).
> > [ update-dhclient-profile.diff ]
> >
> > === modified file 'profiles/apparmor/profiles/extras/sbin.dhclient'
> > --- profiles/apparmor/profiles/extras/sbin.dhclient 2013-01-02
> > 23:34:38 +0000
> > +++ profiles/apparmor/profiles/extras/sbin.dhclient 2015-08-15
> > 11:36:26 +0000
> > @@ -1,6 +1,7 @@
> > # ------------------------------------------------------------------
> > #
> > # Copyright (C) 2002-2005 Novell/SUSE
> > +# Copyright (C) 2015 Christian Boltz
> > #
> > # This program is free software; you can redistribute it and/or
> > # modify it under the terms of version 2 of the GNU General Public
> > @@ -25,6 +26,8 @@
> > #include <abstractions/bash>
> > #include <abstractions/nameservice>
> >
> > + capability net_raw,
> > +
> > network packet packet,
> > network packet raw,
> >
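Review bot: `capability net_raw,` at the top of this hunk is not among the permissions listed in the patch description, which names only the nm-dhcp-helper execute rule and the lease/conf file rules. The context lines already carry `network packet raw,`, and raw packet sockets require CAP_NET_RAW, so the rule looks reasonable, but the description should mention it and say what prompted it.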
> > @@ -47,13 +50,17 @@
> > /usr/bin/uptime mrix,
> > /usr/bin/vmstat mrix,
> > /usr/bin/w mrix,
> > + /usr/lib/nm-dhcp-helper rix,
> > /var/lib/dhcp/dhclient.leases rw,
> > /var/lib/dhcp/dhclient-*.leases rw,
> > + /var/lib/dhcp6/dhclient.leases rw,
> > + /var/lib/NetworkManager/dhclient-*.conf r,
> > + /var/lib/NetworkManager/dhclient-*.lease rw,
> > /var/log/lastlog r,
> > /var/log/messages r,
> > /var/log/wtmp r,
> > - /{,var/}run/dhclient.pid rw,
> > - /{,var/}run/dhclient-*.pid rw,
> > + /{,var/}run/dhclient.pid rw,
> > + /{,var/}run/dhclient-*.pid rw,
> > /var/spool r,
> > /var/spool/mail r,
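Review bot: the `/usr/lib/nm-dhcp-helper rix,` rule matches a single install path and uses `ix`, so the helper runs with all of dhclient's permissions, while the reply in this thread notes that the Ubuntu profile names /usr/lib/NetworkManager/nm-dhcp-helper and confines it separately via Px. Consider an alternation such as `/usr/lib/{,NetworkManager/}nm-dhcp-helper` so the rule covers both locations. The description also lists `dhclient-*.conf` twice (read, then read and write), whereas this hunk grants `dhclient-*.conf r` and `dhclient-*.lease rw`, so the description should be corrected to match. The removed and re-added `/{,var/}run/dhclient*.pid` lines read identically here; if that is a whitespace-only change, say so in the description or drop it.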
>
>
> Regards,
>
> Christian Boltz
> --
> Always the same beginner's mistake:
> /dev/null is for backup,
> /dev/zero is for restore.
> [J. P. Meier]
>
>
> --
> AppArmor mailing list
> [email protected]
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
--
Steve Beattie
<[email protected]>
http://NxNW.org/~steve/
