[prev in list] [next in list] [prev in thread] [next in thread]
List: apparmor-dev
Subject: Re: [apparmor] [patch] nameservice: read permission to avahi socket
From: Steve Beattie <steve () nxnw ! org>
Date: 2014-01-26 20:18:48
Message-ID: 20140126201848.GI8199 () nxnw ! org
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On Sun, Jan 26, 2014 at 11:07:37AM +0100, Felix Geyer wrote:
> On 06.11.2013 00:07, John Johansen wrote:
> > On 11/02/2013 08:15 AM, Felix Geyer wrote:
> >> Hi,
> >>
> >> AppArmor requires read and write permission to connect to
> >> unix domain sockets but the nameservice abstraction only
> >> grants write access to the avahi socket.
> >> As a result mdns name resolution fails.
> >>
> >> I propose this simple patch to add the read permission:
> >>
> >> === modified file 'profiles/apparmor.d/abstractions/nameservice'
> >> --- profiles/apparmor.d/abstractions/nameservice 2013-01-02 23:34:38 +0000
> >> +++ profiles/apparmor.d/abstractions/nameservice 2013-11-02 15:03:20 +0000
> >> @@ -50,7 +50,7 @@
> >> /etc/default/nss r,
> >>
> >> # avahi-daemon is used for mdns4 resolution
> >> - /{,var/}run/avahi-daemon/socket w,
> >> + /{,var/}run/avahi-daemon/socket rw,
> >>
> >> # nis
> >> #include <abstractions/nis>
> >>
> > yep this is true for saucy and on
> >
> > Acked-by: John Johansen <john.johansen@canonical.com>
>
> Ping, this hasn't been committed yet.
My apologies, I've committed this now. Thanks!
--
Steve Beattie
<sbeattie@ubuntu.com>
http://NxNW.org/~steve/
["signature.asc" (application/pgp-signature)]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic