On 4/1/25 23:39, Sam Pinkus wrote:
> Hi,
> I'm trying to create an apparmor profile for dnsmasq. Even in complain mode
> dnsmasq daemon won't start with:
> > dnsmasq[60146]: unknown user or group: dnsmasq
> Presuming it's something to do with dnsmasq switching users to dnsmasq. But how
> to account for this in the profile? And why is this happening even in complain
> mode?

So my guess is it is to do with namespacing. If this is correct you should see denied
messages with info="Failed name lookup - disconnected path".
You can get around this atm by specifying flags=(attach_disconnected) for the
profile.
e.g.
profile example /usr/bin/example flags=(attach_disconnected) {
...
}
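
The check suggested in the reply above can be scripted. This is an added example, not part of the original message: it scans kernel audit lines for the info="Failed name lookup - disconnected path" message and lists the profiles that logged it. The sample log lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample audit lines (not taken from the thread). On a real host,
# feed the kernel log instead, e.g. `journalctl -k | profiles_needing_flag`.
sample_log() {
cat <<'EOF'
audit: type=1400 audit(1743511140.101:311): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="dnsmasq" name="etc/passwd" pid=60146 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1743511140.102:312): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="dnsmasq" name="etc/group" pid=60146 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1743511141.001:313): apparmor="ALLOWED" operation="open" profile="dnsmasq" name="/etc/dnsmasq.conf" pid=60146 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1743511150.001:320): apparmor="DENIED" operation="open" profile="example" name="/etc/shadow" pid=700 comm="example" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
EOF
}

# Read audit lines on stdin and print "profile<TAB>name" for every AppArmor
# event whose info field is the disconnected-path lookup failure.
disconnected_events() {
    awk '
    /apparmor="/ && /info="Failed name lookup - disconnected path"/ {
        profile = field($0, "profile")
        name = field($0, "name")
        if (profile != "") print profile "\t" name
    }
    # Return the quoted value of key="..." in line, or "" if absent.
    # The leading space keeps "profile" from matching inside longer keys.
    function field(line, key,    re, s) {
        re = " " key "=\"[^\"]*\""
        if (!match(line, re)) return ""
        s = substr(line, RSTART, RLENGTH)
        sub("^ " key "=\"", "", s)
        sub("\"$", "", s)
        return s
    }' | sort -u
}

# Profiles that logged at least one disconnected-path failure, i.e. the
# candidates for flags=(attach_disconnected).
profiles_needing_flag() {
    disconnected_events | cut -f1 | sort -u
}

# Stand-alone run over the constructed sample.
sample_log | profiles_needing_flag
```

The name= values in matching events have no leading slash, which is how a disconnected path shows up in the log.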