c36abb7d55
- install SubDomain.pm compat module (bnc#713408) - Update to 2.6.1. - One patch eliminated - Lots of minor fixes - Split out more common abstractions - Add check_for_apparmor() helper. - dhcpd: Fix apparmor profile (bnc#692428) - Fixed typos in descriptions and summaries of apparmor.spec - move the requires and prerequires to the right package OBS-URL: https://build.opensuse.org/request/show/81356 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=20
35 lines
966 B
Plaintext
35 lines
966 B
Plaintext
From: Jeff Mahoney <jeffm@suse.com>
|
|
Subject: dhcpd: Fix apparmor profile
|
|
References: bnc#692428
|
|
|
|
This patch adds the network rules needed, corrects the path to dhcpd.leases,
|
|
and adds the path for TSIG DNS keys.
|
|
|
|
Reported-by: Andrew Beames <suseforum@roocomputing.co.uk>
|
|
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
|
|
---
|
|
profiles/apparmor/profiles/extras/usr.sbin.dhcpd | 7 ++++++-
|
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
|
|
|
--- a/profiles/apparmor/profiles/extras/usr.sbin.dhcpd
|
|
+++ b/profiles/apparmor/profiles/extras/usr.sbin.dhcpd
|
|
@@ -21,12 +21,17 @@
|
|
capability setuid,
|
|
capability sys_chroot,
|
|
|
|
+ network inet raw,
|
|
+ network packet raw,
|
|
+
|
|
/db/dhcpd.leases* lrw,
|
|
/etc/dhcpd.conf r,
|
|
/etc/hosts.allow r,
|
|
/etc/hosts.deny r,
|
|
/usr/sbin/dhcpd rmix,
|
|
- /var/lib/dhcp/dhcpd.leases* rwl,
|
|
+ /var/lib/dhcp/db/dhcpd.leases* rwl,
|
|
/var/lib/dhcp/etc/dhcpd.conf r,
|
|
/var/run/dhcpd.pid wl,
|
|
+ /etc/named.d/* r,
|
|
+ @{PROC}/net/dev r,
|
|
}
|