Yes, so basically we have:
 - dnsmasq.pid (create + read/write by dnsmasq)
 - dnsmasq.raw (read by dnsmasq)
 - dnsmasq.hosts (read by dnsmasq)
 - dnsmasq.leases (create + read/write by dnsmasq)

I'd be tempted to just go with:
  /var/lib/lxd/networks/*/dnsmasq.pid rw,
  /var/lib/lxd/networks/*/dnsmasq.leases rw,
  /var/lib/lxd/networks/*/dnsmasq.* r,

That should make things a bit more future-proof should we add any more dnsmasq-related files in there.

-- 
https://bugs.launchpad.net/bugs/1634199

Title:
  In 16.10, LXD won't work with enforced dsnmasq profile

Status in AppArmor:
  New
Status in apparmor package in Ubuntu:
  New

Bug description:
  After upgrading to 16.0, LXD networking stopped working due to enforced dnsmasq profile.

  audit: type=1400 audit(1476709813.572:4291): apparmor="DENIED" operation="truncate" profile="/usr/sbin/dnsmasq" name="/var/lib/lxd/networks/lxdbr0/dnsmasq.leases" pid=13540 comm="dnsmasq" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
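
An added example, not part of the original message and not LXD or AppArmor code: a Python check that the three proposed rules cover the denial quoted in the bug description without granting write access to the read-only files. It assumes a simplified model of AppArmor globbing (`*` and `?` do not cross `/`, `**` does; no `[]` or `{}`) and unions the permissions of all matching rules; the function names are illustrative.

```python
import re

# The three rules proposed in the message above, as (path glob, permissions).
PROPOSED_RULES = [
    ("/var/lib/lxd/networks/*/dnsmasq.pid", "rw"),
    ("/var/lib/lxd/networks/*/dnsmasq.leases", "rw"),
    ("/var/lib/lxd/networks/*/dnsmasq.*", "r"),
]

# The audit record quoted in the bug description.
SAMPLE_DENIAL = (
    'audit: type=1400 audit(1476709813.572:4291): apparmor="DENIED" '
    'operation="truncate" profile="/usr/sbin/dnsmasq" '
    'name="/var/lib/lxd/networks/lxdbr0/dnsmasq.leases" pid=13540 '
    'comm="dnsmasq" requested_mask="w" denied_mask="w" fsuid=0 ouid=0'
)

def glob_to_regex(glob):
    """Translate a simplified AppArmor path glob into an anchored regex."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*")        # '**' may cross directory separators
            i += 2
        elif glob[i] == "*":
            out.append("[^/]*")     # '*' stays within one path component
            i += 1
        elif glob[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', line)
    fields = {key: value.strip('"') for key, value in pairs}
    return fields if fields.get("apparmor") == "DENIED" else None

def granted(path, rules):
    """Union of the permission letters of every rule whose glob matches path."""
    perms = set()
    for glob, mode in rules:
        if glob_to_regex(glob).match(path):
            perms |= set(mode)
    return perms

def still_denied(line, rules):
    """Letters of the record's denied_mask that the rules do not grant."""
    record = parse_denial(line)
    if record is None:
        return set()
    return set(record["denied_mask"]) - granted(record["name"], rules)
```
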