5e53819734
- allow peer=libvirtd in the dnsmasq profile to match the newly added libvirtd profile name (boo#1118952#c3) OBS-URL: https://build.opensuse.org/request/show/668438 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=232
28 lines
994 B
Diff
28 lines
994 B
Diff
commit 20fe099cede7cb5ec7dcf62a5427936766a6d4e4
|
|
Author: Christian Boltz <apparmor@cboltz.de>
|
|
Date: Sun Jan 13 17:38:09 2019 +0100
|
|
|
|
dnsmasq: allow peer=libvirtd to support named profile
|
|
|
|
The /usr/sbin/libvirtd profile will get a profile name ("libvirtd").
|
|
|
|
This patch adjusts the dnsmasq profile to support the named profile in
|
|
addition to the "old" path-based profile name.
|
|
|
|
References: https://bugzilla.opensuse.org/show_bug.cgi?id=1118952#c3
|
|
|
|
diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
|
|
index a308e3f7..2627f6d6 100644
|
|
--- a/profiles/apparmor.d/usr.sbin.dnsmasq
|
|
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
|
|
@@ -28,7 +28,9 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
|
|
network inet6 raw,
|
|
|
|
signal (receive) peer=/usr/{bin,sbin}/libvirtd,
|
|
+ signal (receive) peer=libvirtd,
|
|
ptrace (readby) peer=/usr/{bin,sbin}/libvirtd,
|
|
+ ptrace (readby) peer=libvirtd,
|
|
|
|
owner /dev/tty rw,
|
|
|