[Touch-packages] [Bug 1703520] Re: DNS resolving doesn't work in complain mode with dnsmasq and apparmor

Closing this bug based on my last comment. ** Changed in: apparmor (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1703520 Title

[Touch-packages] [Bug 1703520] Re: DNS resolving doesn't work in complain mode with dnsmasq and apparmor

The attach_disconnected flag was added to the dnsmasq profile just before 16.04 was released: https://launchpad.net/ubuntu/+source/apparmor/2.10.95-0ubuntu2 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu

[Touch-packages] [Bug 1703520] Re: DNS resolving doesn't work in complain mode with dnsmasq and apparmor

For the records: revno: 3437 fixes bug: https://launchpad.net/bugs/1569316 committer: Tyler Hicks branch nick: apparmor timestamp: Tue 2016-04-12 16:36:43 -0500 message: profiles: Add attach_disconnected flag to dnsmasq profile https://launchpad.net/bugs/1569316 When Ubuntu made the j

[Touch-packages] [Bug 1703520] Re: DNS resolving doesn't work in complain mode with dnsmasq and apparmor

@Bjoern can you set a couple of apparmor flags and report back what is reported in the logs? Specifically as root can you do echo -n "noquiet" > /sys/module/apparmor/parameters/audit echo 1 > /sys/module/apparmor/parameters/debug echo 0 > /proc/sys/kernel/printk_ratelimit and then restart dnsma

[Touch-packages] [Bug 1703520] Re: DNS resolving doesn't work in complain mode with dnsmasq and apparmor

Hello Seth Arnold, i don't have change anything at dnsmasq. I have only create a profile and set the profile in complain mode. Normally in complain mode Apparmor shouldn't block anything. Apparmor should only log. Why should apparmor influence the behaviour of dnsmasq in complain mode? -- You

[Touch-packages] [Bug 1703520] Re: DNS resolving doesn't work in complain mode with dnsmasq and apparmor

P.S. In the log file i can see, that Apparmor have allowed the connection. I don't know why dnsmasq doesn't work with Apparmor in complain mode. But apparmor have allowed the connection. Why did this influence dnsmasq? -- You received this bug notification because you are a member of Ubuntu Touch

[Touch-packages] [Bug 1703520] Re: DNS resolving doesn't work in complain mode with dnsmasq and apparmor

Did you by chance change anything related to dnsmasq's startup? This looks like dnsmasq is now starting in a private filesystem namespace without access to the dbus sockets. It's possible to adapt the AppArmor profile for this (by adding the attach_disconnected flag to the profile) but the downside

[Touch-packages] [Bug 1703520] Re: DNS resolving doesn't work in complain mode with dnsmasq and apparmor

** Description changed: After i have firefox, chromium-browser and dnsmasq profiled with sudo aa-autodep (complain-mode was used), i can not resolving websites. (Log is at the attachement) - I have copied the profiles of the three programms from the top in /etc/apparmor.d/disable and aft