Hi, > i.e. move '*' from beginning to before suffix.
> Commit 025c7dc6 ("dnsmasq: Add permission to open log files") added > pattern, which is not compatible with SELinux. As this pattern has been > in SELinux since 2011 (with recent change to accept '.log' suffix + > logrotate patterns which are not relevant to AppArmor) IMHO it's better > to adjust our profile. > Fixes: 025c7dc6 ("dnsmasq: Add permission to open log files") > Signed-off-by: Petr Vorel <pvo...@suse.cz> > --- > profiles/apparmor.d/usr.sbin.dnsmasq | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq > b/profiles/apparmor.d/usr.sbin.dnsmasq > index fba51259..f14a370a 100644 > --- a/profiles/apparmor.d/usr.sbin.dnsmasq > +++ b/profiles/apparmor.d/usr.sbin.dnsmasq > @@ -45,7 +45,7 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq > flags=(attach_disconnected) { > /usr/{bin,sbin}/dnsmasq mr, > - /var/log/*dnsmasq.log w, > + /var/log/dnsmasq*.log w, > /usr/share/dnsmasq/ r, > /usr/share/dnsmasq/* r, Ping, please. Kind regards, Petr -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor