[Touch-packages] [Bug 1566944] Re: dnsmasq profile prevents LXD container to launch

Christian Boltz Fri, 08 Apr 2016 15:36:12 -0700

Fix commited to upstream bzr trunk r3435 (Simon, thanks for submitting
it!)


** Also affects: apparmor
   Importance: Undecided
       Status: New

** Changed in: apparmor
       Status: New => Fix Committed

** Changed in: apparmor
    Milestone: None => 2.11

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1566944

Title:
  dnsmasq profile prevents LXD container to launch

Status in AppArmor:
  Fix Committed
Status in apparmor package in Ubuntu:
  New

Bug description:
  LXD 2.0 has dropped lxcbr0 for lxdbr0 as its default bridge configuration.
  Since then, having usr.sbin.dnsmasq profile in enforce mode will prevent LXD 
containers to launch:

  Apr  6 12:55:06 franck-ThinkPad-T430s kernel: [ 7029.101587] audit: type=1400 
audit(1459940106.552:107): apparmor="DENIED" operation="mknod" 
profile="/usr/sbin/dnsmasq" name="/var/lib/lxd-bridge/dnsmasq.lxdbr0.leases" 
pid=22292 comm="dnsmasq" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
  Apr  6 12:55:06 franck-ThinkPad-T430s lxd-bridge.start[22255]: dnsmasq: ne 
peut ouvrir ou créer le fichiers de baux 
/var/lib/lxd-bridge//dnsmasq.lxdbr0.leases : Permission non accordée

  Of course, switching to complain mode works the problem around, but
  maybe allowing write to /var/lib/lxd-bridge/ would be a good idea
  (disclaimer: I'm not a security expert).

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: apparmor-profiles 2.10-3ubuntu2
  ProcVersionSignature: Ubuntu 4.4.0-17.33-generic 4.4.6
  Uname: Linux 4.4.0-17-generic x86_64
  NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
  ApportVersion: 2.20.1-0ubuntu1
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Wed Apr  6 17:34:12 2016
  InstallationDate: Installed on 2015-10-04 (185 days ago)
  InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20151002)
  PackageArchitecture: all
  ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.4.0-17-generic.efi.signed 
root=/dev/mapper/ubuntu--vg-root ro noprompt persistent kaslr threadirqs quiet 
splash vt.handoff=7
  SourcePackage: apparmor
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.apparmor.d.bin.ping: [modified]
  modified.conffile..etc.apparmor.d.sbin.klogd: [modified]
  modified.conffile..etc.apparmor.d.sbin.syslog.ng: [modified]
  modified.conffile..etc.apparmor.d.sbin.syslogd: [modified]
  modified.conffile..etc.apparmor.d.usr.bin.chromium.browser: [modified]
  modified.conffile..etc.apparmor.d.usr.sbin.avahi.daemon: [modified]
  modified.conffile..etc.apparmor.d.usr.sbin.dnsmasq: [modified]
  modified.conffile..etc.apparmor.d.usr.sbin.dovecot: [modified]
  modified.conffile..etc.apparmor.d.usr.sbin.identd: [modified]
  modified.conffile..etc.apparmor.d.usr.sbin.mdnsd: [modified]
  modified.conffile..etc.apparmor.d.usr.sbin.nmbd: [modified]
  modified.conffile..etc.apparmor.d.usr.sbin.nscd: [modified]
  modified.conffile..etc.apparmor.d.usr.sbin.smbd: [modified]
  modified.conffile..etc.apparmor.d.usr.sbin.smbldap.useradd: [modified]
  mtime.conffile..etc.apparmor.d.bin.ping: 2015-10-05T12:02:58.049761
  mtime.conffile..etc.apparmor.d.sbin.klogd: 2015-10-05T12:04:03.854535
  mtime.conffile..etc.apparmor.d.sbin.syslog.ng: 2015-10-05T12:03:21.918041
  mtime.conffile..etc.apparmor.d.sbin.syslogd: 2015-10-05T12:03:15.705968
  mtime.conffile..etc.apparmor.d.usr.bin.chromium.browser: 
2015-10-05T12:02:05.273141
  mtime.conffile..etc.apparmor.d.usr.sbin.avahi.daemon: 
2015-10-05T11:59:18.903198
  mtime.conffile..etc.apparmor.d.usr.sbin.dnsmasq: 2016-04-06T17:25:47.252257
  mtime.conffile..etc.apparmor.d.usr.sbin.dovecot: 2015-10-05T12:00:55.356323
  mtime.conffile..etc.apparmor.d.usr.sbin.identd: 2015-10-05T12:01:02.204403
  mtime.conffile..etc.apparmor.d.usr.sbin.mdnsd: 2015-10-05T12:02:37.861523
  mtime.conffile..etc.apparmor.d.usr.sbin.nmbd: 2015-10-05T12:00:10.119794
  mtime.conffile..etc.apparmor.d.usr.sbin.nscd: 2015-10-05T12:00:17.355879
  mtime.conffile..etc.apparmor.d.usr.sbin.smbd: 2015-10-05T12:00:26.103981
  mtime.conffile..etc.apparmor.d.usr.sbin.smbldap.useradd: 
2015-10-05T12:00:35.504091

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1566944/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1566944] Re: dnsmasq profile prevents LXD container to launch

Reply via email to