Hi, Simon McVittie wrote (05 Feb 2016 17:50:25 GMT) : > I would like to propose this patch:
> --- /etc/apparmor.d/abstractions/nameservice 2016-02-02 13:49:52.929534484 > +0000 > +++ /home/smcv/tmp/nameservice 2016-02-05 17:34:58.929681171 +0000 > @@ -35,8 +35,9 @@ > /etc/resolv.conf r, > # on systems using resolvconf, /etc/resolv.conf is a symlink to > # /{,var/}run/resolvconf/resolv.conf and a file sometimes referenced in > - # /etc/resolvconf/run/resolv.conf > - /{,var/}run/resolvconf/resolv.conf r, > + # /etc/resolvconf/run/resolv.conf. Similarly, if NetworkManager is used > + # without resolvconf, /etc/resolv.conf is a symlink to its own resolv.conf. > + /{,var/}run/{resolvconf,NetworkManager}/resolv.conf r, > /etc/resolvconf/run/resolv.conf r, Cool, thanks! I'm going to rebase it on top of current upstream head, and propose it there. If it's not too much of a burden for you, don't hesitate to propose such patches upstream directly in the future :) > For a bit of future-proofing, you might also want to allow systemd/resolve > as a third option in the {} group (see systemd-resolved(8) for details). It seems that we have it upstream since r3328: https://bazaar.launchpad.net/~apparmor-dev/apparmor/master/annotate/head:/profiles/apparmor.d/abstractions/nameservice Cheers, -- intrigeri