[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apparmor-dev
Subject:    Re: [apparmor] [patch] nameservice: read permission to avahi socket
From:       Steve Beattie <steve () nxnw ! org>
Date:       2014-01-26 20:18:48
Message-ID: 20140126201848.GI8199 () nxnw ! org
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


On Sun, Jan 26, 2014 at 11:07:37AM +0100, Felix Geyer wrote:
> On 06.11.2013 00:07, John Johansen wrote:
> > On 11/02/2013 08:15 AM, Felix Geyer wrote:
> >> Hi,
> >>
> >> AppArmor requires read and write permission to connect to
> >> unix domain sockets but the nameservice abstraction only
> >> grants write access to the avahi socket.
> >> As a result mdns name resolution fails.
> >>
> >> I propose this simple patch to add the read permission:
> >>
> >> === modified file 'profiles/apparmor.d/abstractions/nameservice'
> >> --- profiles/apparmor.d/abstractions/nameservice	2013-01-02 23:34:38 +0000
> >> +++ profiles/apparmor.d/abstractions/nameservice	2013-11-02 15:03:20 +0000
> >> @@ -50,7 +50,7 @@
> >>    /etc/default/nss               r,
> >>
> >>    # avahi-daemon is used for mdns4 resolution
> >> -  /{,var/}run/avahi-daemon/socket w,
> >> +  /{,var/}run/avahi-daemon/socket rw,
> >>
> >>    # nis
> >>    #include <abstractions/nis>
> >>
> > yep this is true for saucy and on
> >
> > Acked-by: John Johansen <john.johansen@canonical.com>
> 
> Ping, this hasn't been committed yet.

My apologies, I've committed this now. Thanks!

-- 
Steve Beattie
<sbeattie@ubuntu.com>
http://NxNW.org/~steve/

["signature.asc" (application/pgp-signature)]

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic