Yes, so basically we have:
 - (create + read/write by dnsmasq)
 - dnsmasq.raw (read by dnsmasq)
 - dnsmasq.hosts (read by dnsmasq)
 - dnsmasq.leases (create + read/write by dnsmasq)

I'd be tempted to just go with:

/var/lib/lxd/networks/*/ rw,
/var/lib/lxd/networks/*/dnsmasq.leases rw,
/var/lib/lxd/networks/*/dnsmasq.* r,

That should make things a bit more future-proof should we add any more
dnsmasq-related files in there.

  In 16.10, LXD won't work with enforced dnsmasq profile

Status in AppArmor:
Status in apparmor package in Ubuntu:

Bug description:
  After upgrading to 16.0, LXD networking stopped working due to
  enforced dnsmasq profile.

  audit: type=1400 audit(1476709813.572:4291): apparmor="DENIED"
  operation="truncate" profile="/usr/sbin/dnsmasq"
  name="/var/lib/lxd/networks/lxdbr0/dnsmasq.leases" pid=13540
  comm="dnsmasq" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
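
Added example (not part of the original bug report or comment, and not LXD or AppArmor code): a Python check of whether the three rules proposed above would cover the reported denial while leaving the read-only files unwritable. It assumes only the `*`, `**` and `?` globs, no deny rules, and that a `w` rule covers the append/create/delete masks; the second record is constructed.

```python
import re

# Rules proposed in the comment, as (path glob, permissions) pairs.
PROPOSED_RULES = [
    ("/var/lib/lxd/networks/*/", "rw"),
    ("/var/lib/lxd/networks/*/dnsmasq.leases", "rw"),
    ("/var/lib/lxd/networks/*/dnsmasq.*", "r"),
]

# The denial from the bug description, joined onto one line.
REPORTED = ('audit: type=1400 audit(1476709813.572:4291): apparmor="DENIED" '
            'operation="truncate" profile="/usr/sbin/dnsmasq" '
            'name="/var/lib/lxd/networks/lxdbr0/dnsmasq.leases" pid=13540 '
            'comm="dnsmasq" requested_mask="w" denied_mask="w" fsuid=0 ouid=0')
# Constructed record (not from the bug): a write to a file the rules leave read-only.
CONSTRUCTED = REPORTED.replace("dnsmasq.leases", "dnsmasq.hosts").replace("truncate", "open")

def glob_to_regex(glob):
    """Translate the AppArmor glob subset used here: '**' crosses '/', '*' and '?' do not."""
    parts = re.split(r"(\*\*|\*|\?)", glob)
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts) + r"\Z")

def parse_record(line):
    """Return the key=value fields of an audit record as a dict, quotes stripped."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def granted(path, rules=PROPOSED_RULES):
    """Union of the permissions of every rule matching path (allow rules accumulate)."""
    perms = set()
    for glob, mode in rules:
        if glob_to_regex(glob).match(path):
            perms |= set(mode)
    if "w" in perms:
        perms |= set("acd")  # assumption: 'w' also covers append/create/delete masks
    return perms

def still_denied(line, rules=PROPOSED_RULES):
    """Permissions in the record's denied_mask that the rules would still not grant."""
    rec = parse_record(line)
    return set(rec["denied_mask"]) - granted(rec["name"], rules)

if __name__ == "__main__":
    for label, line in (("reported", REPORTED), ("constructed", CONSTRUCTED)):
        left = sorted(still_denied(line)) or "nothing"
        print(label, parse_record(line)["name"], "still denied:", left)
```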
