[apparmor] [PATCH profile 1/1] dnsmasq: Adjust pattern for log files to comply SELinux

Petr Vorel Wed, 07 Nov 2018 11:36:02 -0800

Commit 025c7dc6 ("dnsmasq: Add permission to open log files") added
pattern, which is not compatible with SELinux. As this pattern has been
in SELinux since 2011 IMHO it's better to adjust our profile.


Signed-off-by: Petr Vorel <pvo...@suse.cz>
---
Hi,

I'm sorry I didn't check that properly before.

BTW I'm going to propose our LXC and NetworkManager fixes to SELinux.
Some projects suffer from AppArmor and SELinux profile incompatibility.

Kind regards,
Petr
---
 profiles/apparmor.d/usr.sbin.dnsmasq | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq 
b/profiles/apparmor.d/usr.sbin.dnsmasq
index f2e6847d..4a882720 100644
--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -45,7 +45,7 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq 
flags=(attach_disconnected) {
 
   /usr/{bin,sbin}/dnsmasq mr,
 
-  /var/log/*dnsmasq.log w,
+  /var/log/dnsmasq.* w,
 
   /usr/share/dnsmasq/ r,
   /usr/share/dnsmasq/* r,
-- 
2.19.1


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

[apparmor] [PATCH profile 1/1] dnsmasq: Adjust pattern for log files to comply SELinux

Reply via email to