File apparmor-profiles-usr.sbin.dnsmasq of Package apparmor.import4985

From: Jeff Mahoney <jeffm@suse.com>
Subject: dnsmasq: Profile fixes
References: bnc#666090 bnc#678749

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
 profiles/apparmor.d/usr.sbin.dnsmasq |   12 ++++++++++++
 1 file changed, 12 insertions(+)

--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -8,16 +8,28 @@
   capability setgid,
   capability setuid,
   capability dac_override,
+  capability net_admin,		# for DHCP server
+  capability net_raw,		# for DHCP server ping checks
+  network inet raw,
 
   /etc/dnsmasq.conf r,
   /etc/dnsmasq.d/ r,
   /etc/dnsmasq.d/* r,
+  /etc/ethers r,
 
   /usr/sbin/dnsmasq mr,
 
   /var/run/*dnsmasq*.pid w,
+  /var/run/dnsmasq-forwarders r,
   /var/run/dnsmasq/ r,
   /var/run/dnsmasq/* rw,
 
   /var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
+
+  # libvirt pid files for dnsmasq
+  /var/run/libvirt/network/      r,
+  /var/run/libvirt/network/*.pid rw,
+  /var/lib/libvirt/dnsmasq/            r,
+  /var/lib/libvirt/dnsmasq/*.hostsfile r,
+
 }
openSUSE Build Service is sponsored by