Hi,
> i.e. move '*' from beginning to before suffix.
> Commit 025c7dc6 ("dnsmasq: Add permission to open log files") added
> pattern, which is not compatible with SELinux. As this pattern has been
> in SELinux since 2011 (with recent change to accept '.log' suffix +
> logrotate patterns which are not relevant to AppArmor) IMHO it's better
> to adjust our profile.
> Fixes: 025c7dc6 ("dnsmasq: Add permission to open log files")
> Signed-off-by: Petr Vorel <pvo...@suse.cz>
> ---
> profiles/apparmor.d/usr.sbin.dnsmasq | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq
> b/profiles/apparmor.d/usr.sbin.dnsmasq
> index fba51259..f14a370a 100644
> --- a/profiles/apparmor.d/usr.sbin.dnsmasq
> +++ b/profiles/apparmor.d/usr.sbin.dnsmasq
> @@ -45,7 +45,7 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq
> flags=(attach_disconnected) {
> /usr/{bin,sbin}/dnsmasq mr,
> - /var/log/*dnsmasq.log w,
> + /var/log/dnsmasq*.log w,
> /usr/share/dnsmasq/ r,
> /usr/share/dnsmasq/* r,
Ping, please.
Kind regards,
Petr
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
