Overview

File apparmor-profiles-dnsmasq-iface-mtu.patch of Package apparmor.2939

Allow dnsmasq read access to IPv6 config

The IPv6 Neighbor Discovery protocol (RFC 2461) suggests
implementations provide MTU in Router Advertisement (RA)
messages.  From section 4.2

MTU    SHOULD be sent on links that have a variable MTU
       (as specified in the document that describes how to
       run IP over the particular link type).  MAY be sent
       on other links.

dnsmasq supports this option and should have read access
to an interface's MTU.


Index: apparmor-2.8.2/profiles/apparmor.d/usr.sbin.dnsmasq
===================================================================
--- apparmor-2.8.2.orig/profiles/apparmor.d/usr.sbin.dnsmasq
+++ apparmor-2.8.2/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -43,6 +43,10 @@
   /{,var/}run/nscd/group r,
   /{,var/}run/nscd/passwd r,
 
+  # access to iface mtu needed for Router Advertisement messages in IPv6
+  # Neighbor Discovery protocol (RFC 2461)
+  @{PROC}/sys/net/ipv6/conf/*/mtu r,
+
   # for the read-only TFTP server
   @{TFTP_DIR}/ r,
   @{TFTP_DIR}/** r,
openSUSE Build Service is sponsored by
Places