Bug#934869: [pkg-apparmor] Bug#934869: /etc/apparmor.d/usr.sbin.dnsmasq: profile doesn’t allow dnsmasq-base DNSSEC files
* intrigeri (intrig...@debian.org) wrote:
> Next time, please consider submitting your fixes directly there:
> taking me off the critical path would surely speed up the process
> considerably :)

Thanks! And sorry, I remember struggling a little with where and against which package (apparmor/dnsmasq) to file the bug. I'll Try Harder™

Thanks,

James
Bug#934869: [pkg-apparmor] Bug#934869: /etc/apparmor.d/usr.sbin.dnsmasq: profile doesn’t allow dnsmasq-base DNSSEC files
Control: forwarded -1 https://gitlab.com/apparmor/apparmor/-/merge_requests/547

Hi,

James Rowe (2019-08-16):
> If DNSSEC validation is enabled in the dnsmasq config file then the
> /usr/share/dnsmasq-base/trust-anchors.conf should be read by dnsmasq.
> However, the profile doesn’t allow access to it.
>
> The following simple patch enables reading the DNS setup from
> dnsmasq-base:

Thank you. I've forwarded this as a merge request upstream:

https://gitlab.com/apparmor/apparmor/-/merge_requests/547

I expect the fix will be part of the upstream 3.0 release.

Next time, please consider submitting your fixes directly there:
taking me off the critical path would surely speed up the process
considerably :)
Bug#934869: /etc/apparmor.d/usr.sbin.dnsmasq: profile doesn’t allow dnsmasq-base DNSSEC files
Package: apparmor-profiles Version: 2.13.2-10 Severity: normal File: /etc/apparmor.d/usr.sbin.dnsmasq Dear Maintainer, If DNSSEC validation is enabled in the dnsmasq config file then the /usr/share/dnsmasq-base/trust-anchors.conf should be read by dnsmasq. However, the profile doesn’t allow access to it. The following simple patch enables reading the DNS setup from dnsmasq-base: --- a/usr.sbin.dnsmasq +++ b/usr.sbin.dnsmasq @@ -51,6 +51,8 @@ /usr/share/dnsmasq/ r, /usr/share/dnsmasq/* r, + /usr/share/dnsmasq-base/ r, + /usr/share/dnsmasq-base/* r, /{,var/}run/*dnsmasq*.pid w, /{,var/}run/dnsmasq-forwarders.conf r, Thanks, James -- System Information: Debian Release: 10.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages apparmor-profiles depends on: ii apparmor 2.13.2-10 apparmor-profiles recommends no packages. apparmor-profiles suggests no packages. -- no debconf information
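Review bot: the second added rule, `/usr/share/dnsmasq-base/* r,`, grants read access to every file directly under that directory, while the report names only /usr/share/dnsmasq-base/trust-anchors.conf as the file dnsmasq needs when DNSSEC validation is enabled. Consider narrowing it to `/usr/share/dnsmasq-base/trust-anchors.conf r,` unless other files in that directory are expected to be read. The wildcard form does mirror the existing `/usr/share/dnsmasq/* r,` context line just above it, so if it is kept for consistency, a short comment in the profile stating that the rule exists for the DNSSEC trust anchors would document why the access was granted.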