** Changed in: apparmor (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1634199
Title:
In 16.10, LXD won't work with enforced dsnmasq profile
To manage
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
Patch committed to bzr trunk r3574. AppArmor 2.11 will include it.
** Changed in: apparmor
Status: New => Fix Committed
** Changed in: apparmor
Milestone: None => 2.11
--
dnsmasq.* indeed sounds like a good idea, and shouldn't cause any harm.
I've sent another patch to the mailing list for review.
--
Yes, so basically we have:
- dnsmasq.pid (create + read/write by dnsmasq)
- dnsmasq.raw (read by dnsmasq)
- dnsmasq.hosts (read by dnsmasq)
- dnsmasq.leases (create + read/write by dnsmasq)
I'd be tempted to just go with:
/var/lib/lxd/networks/*/dnsmasq.pid rw,
"c" means to create a file, so you'll need write permissions. Judging by other
rules in the profile, you'll also need read permissions. To sum it up:
/var/lib/lxd/networks/*/dnsmasq.pid rw,
Anything else after adding this?
--
Another message:
audit: type=1400 audit(1476791887.152:118): apparmor="DENIED"
operation="mknod" profile="/usr/sbin/dnsmasq"
name="/var/lib/lxd/networks/lxdbr0/dnsmasq.pid" pid=5480 comm="dnsmasq"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
--
dnsmasq.leases added in trunk r3573 (before noticing comment #5 ;-)
comment #5 means you'll need to add
/var/lib/lxd/networks/*/dnsmasq.hosts r,
After adding this (and reloading the profile), do you see more DENIED
messages?
--
** Branch linked: lp:apparmor
--
I'm afraid it won't be enough...:
audit: type=1400 audit(1476780672.803:99): apparmor="DENIED"
operation="open" profile="/usr/sbin/dnsmasq"
name="/var/lib/lxd/networks/lxdbr0/dnsmasq.hosts" pid=5165
comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
--
Thanks for the feedback!
I just submitted the patch for review upstream.
--
/var/lib/lxd/networks/*/dnsmasq.leases rw,
should work fine
--
The interface name is decided by the user in LXD 2.3 or higher, so it
can be any valid interface name.
--
Sounds like the path changed.
You'll need to add the following rule to /etc/apparmor.d/usr.sbin.dnsmasq (or
to the local/ include):
/var/lib/lxd/networks/lxdbr*/dnsmasq.leases rw,
BTW: Do you know if lxd supports different network interface types that
don't match the lxdbr* name pattern? If
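
Added example, not part of the bug thread and not AppArmor or LXD code: a Python script that turns the DENIED audit records quoted in the thread into the profile rules the thread arrives at. The function names, the mapping of "c" to "rw" (taken from the reasoning in the thread) and the globbing of the network directory are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed input: the two DENIED records quoted in the thread, one per line.
SAMPLE_LOG = '''\
audit: type=1400 audit(1476791887.152:118): apparmor="DENIED" operation="mknod" profile="/usr/sbin/dnsmasq" name="/var/lib/lxd/networks/lxdbr0/dnsmasq.pid" pid=5480 comm="dnsmasq" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
audit: type=1400 audit(1476780672.803:99): apparmor="DENIED" operation="open" profile="/usr/sbin/dnsmasq" name="/var/lib/lxd/networks/lxdbr0/dnsmasq.hosts" pid=5165 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
'''

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Log mask letter -> profile permission. "c" becomes "rw", following the thread:
# create needs write, and read was added to match the profile's other rules.
MASK_TO_PERMS = {"r": "r", "w": "w", "a": "a", "c": "rw", "d": "w"}
# The directory below networks/ is the interface name, chosen by the user in
# LXD 2.3 or higher, so that path component is replaced by a glob.
LXD_NET_RE = re.compile(r"^(/var/lib/lxd/networks/)[^/]+/")


def parse_record(line):
    """Return the key=value fields of one audit line as a dict."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def suggest_rules(log_text, profile="/usr/sbin/dnsmasq"):
    """Map DENIED records for `profile` to sorted AppArmor file rules."""
    perms = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("apparmor") != "DENIED" or rec.get("profile") != profile:
            continue
        if "name" not in rec:
            continue  # not a file denial
        path = LXD_NET_RE.sub(r"\1*/", rec["name"])
        for letter in rec.get("denied_mask", ""):
            perms[path].update(MASK_TO_PERMS.get(letter, ""))
    rules = []
    for path in sorted(perms):
        granted = perms[path]
        if "w" in granted:
            granted.discard("a")  # "w" and "a" conflict within one rule
        if granted:
            rules.append(f"{path} {''.join(c for c in 'rwa' if c in granted)},")
    return rules


if __name__ == "__main__":
    print("\n".join(suggest_rules(SAMPLE_LOG)))
```

Review the suggested rules before adding them to /etc/apparmor.d/usr.sbin.dnsmasq or the local/ include, then reload the profile and check for further DENIED messages as the thread does.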