Overview
Request 247625 accepted
V2 (supersedes 247613)
This patch fixes bnc#892374, which I'd like to fix for SLE12, but
needs submitted here first.
The patch adds a (IMO) necessary rule to the dnsmasq profile,
question is whether I got the syntax right. If so, please accept
this request and forward the patch upstream. Thanks!
- add apparmor-profiles-dnsmasq-iface-mtu.patch to allow dnsmasq
read access to interface mtu in
/proc/sys/net/ipv6/conf//mtu
(bnc#892374)
Request History
jfehlig created request
V2 (supersedes 247613)
This patch fixes bnc#892374, which I'd like to fix for SLE12, but
needs submitted here first.
The patch adds a (IMO) necessary rule to the dnsmasq profile,
question is whether I got the syntax right. If so, please accept
this request and forward the patch upstream. Thanks!
- add apparmor-profiles-dnsmasq-iface-mtu.patch to allow dnsmasq
read access to interface mtu in
/proc/sys/net/ipv6/conf//mtu
(bnc#892374)
cboltz accepted request
Thanks for the patch!
I already submitted it upstream (trunk r2657, 2.8 branch r2140), but
they asked to use .../conf/*/mtu instead of .../conf/**/mtu. (If the
/proc directory layout ever changes, it's easy to update the profile
accordingly - but until then, it's better to keep it more restricted.)
Therefore I'll change your patch to use ../conf/*/mtu after accepting
this SR.
Note: I'll update security:apparmor (and Factory) to AppArmor 2.9 beta2
over the weekend. The latest 2.8.x will stay available as apparmor_2_8 in
security:apparmor.
