Simon Déziel has proposed merging lp:~sdeziel/apparmor/dnsmasq-tftp into
lp:apparmor.
Requested reviews:
AppArmor Developers (apparmor-dev)
Related bugs:
Bug #905412 in apparmor (Ubuntu): "dnsmasq's profile does not account for the
TFTP server feature"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/905412
For more details, see:
https://code.launchpad.net/~sdeziel/apparmor/dnsmasq-tftp/+merge/86597
This branch fixes LP: #905412 by allowing dnsmasq to read a TFPT root. The
directory in question is configurable but is set /var/tftp.
--
https://code.launchpad.net/~sdeziel/apparmor/dnsmasq-tftp/+merge/86597
Your team AppArmor Developers is requested to review the proposed merge of
lp:~sdeziel/apparmor/dnsmasq-tftp into lp:apparmor.
=== modified file 'profiles/apparmor.d/usr.sbin.dnsmasq'
--- profiles/apparmor.d/usr.sbin.dnsmasq 2011-09-15 18:58:54 +0000
+++ profiles/apparmor.d/usr.sbin.dnsmasq 2011-12-21 18:10:27 +0000
@@ -9,6 +9,8 @@
#
# ------------------------------------------------------------------
+@{TFTP_DIR}=/var/tftp
+
#include <tunables/global>
/usr/sbin/dnsmasq {
#include <abstractions/base>
@@ -36,6 +38,10 @@
/var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
+ # for the read-only TFTP server
+ @{TFTP_DIR}/ r,
+ @{TFTP_DIR}/** r,
+
# libvirt lease and hosts files for dnsmasq
/var/lib/libvirt/dnsmasq/ r,
/var/lib/libvirt/dnsmasq/*.leases rw,
--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
