On Wed, May 03, 2017 at 04:10:01PM -0500, Jamie Strandboge wrote: > Signed-off-by: Jamie Strandboge <[email protected]>
Acked-by: Seth Arnold <[email protected]> I believe this may address bug 1655982. > === modified file 'profiles/apparmor.d/abstractions/base' > --- profiles/apparmor.d/abstractions/base 2017-04-12 17:35:10 +0000 > +++ profiles/apparmor.d/abstractions/base 2017-05-03 21:03:55 +0000 > @@ -33,7 +33,13 @@ > /usr/share/zoneinfo/ r, > /usr/share/zoneinfo/** r, > /usr/share/X11/locale/** r, > - /{,var/}run/systemd/journal/dev-log w, > + /run/systemd/journal/dev-log w, > + # systemd native journal API (see sd_journal_print(4)) > + /run/systemd/journal/socket w, > + # Nested containers and anything using systemd-cat need this. 'r' shouldn't > + # be required but applications fail without it. journald doesn't leak > + # anything when reading so this is ok. > + /run/systemd/journal/stdout rw, > > /usr/lib{,32,64}/locale/** mr, > /usr/lib{,32,64}/gconv/*.so mr, > Thanks
signature.asc
Description: PGP signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
