Package: apparmor-profiles Version: 2.13.2-10 Severity: normal File: /etc/apparmor.d/usr.sbin.dnsmasq
Dear Maintainer, If DNSSEC validation is enabled in the dnsmasq config file then the /usr/share/dnsmasq-base/trust-anchors.conf should be read by dnsmasq. However, the profile doesn’t allow access to it. The following simple patch enables reading the DNS setup from dnsmasq-base: --- a/usr.sbin.dnsmasq +++ b/usr.sbin.dnsmasq @@ -51,6 +51,8 @@ /usr/share/dnsmasq/ r, /usr/share/dnsmasq/* r, + /usr/share/dnsmasq-base/ r, + /usr/share/dnsmasq-base/* r, /{,var/}run/*dnsmasq*.pid w, /{,var/}run/dnsmasq-forwarders.conf r, Thanks, James -- System Information: Debian Release: 10.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages apparmor-profiles depends on: ii apparmor 2.13.2-10 apparmor-profiles recommends no packages. apparmor-profiles suggests no packages. -- no debconf information