a535402f17
Accepted submit request 59064 from user jeff_mahoney OBS-URL: https://build.opensuse.org/request/show/59064 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=5
34 lines
936 B
Plaintext
34 lines
936 B
Plaintext
From: Jeff Mahoney <jeffm@suse.com>
|
|
Subject: profiles: Add libvirt pid support to dnsmasq profile
|
|
References: bnc#666090
|
|
|
|
libvirt starts up dnsmasq with its pid file in
|
|
|
|
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
|
|
---
|
|
|
|
profiles/apparmor.d/usr.sbin.dnsmasq | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
--- a/profiles/apparmor.d/usr.sbin.dnsmasq
|
|
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
|
|
@@ -8,6 +8,9 @@
|
|
capability setgid,
|
|
capability setuid,
|
|
capability dac_override,
|
|
+ capability net_admin, # for DHCP server
|
|
+ capability net_raw, # for DHCP server ping checks
|
|
+ network inet raw,
|
|
|
|
/etc/dnsmasq.conf r,
|
|
/etc/dnsmasq.d/ r,
|
|
@@ -19,5 +22,8 @@
|
|
/var/run/dnsmasq/ r,
|
|
/var/run/dnsmasq/* rw,
|
|
|
|
+ /var/run/libvirt/network/ r, # Required when called by libvirt
|
|
+ /var/run/libvirt/network/*.pid rw, # Required when called by libvirt
|
|
+
|
|
/var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
|
|
}
|