From 13ee637c55a68bfc9b22bb1d2cd7209178d7a7e4 Mon Sep 17 00:00:00 2001
From: Jamie Strandboge <jamie@ubuntu.com>
Date: Tue, 5 Jan 2016 17:03:06 -0600
Subject: [PATCH] allow read on /run/systemd/resolve/resolv.conf for systems
 using networkd (LP: #1529074)

Signed-Off-By: Jamie Strandboge <jamie@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
---
 profiles/apparmor.d/abstractions/nameservice | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/profiles/apparmor.d/abstractions/nameservice b/profiles/apparmor.d/abstractions/nameservice
index 6d695d5d9..27dc2ac9a 100644
--- a/profiles/apparmor.d/abstractions/nameservice
+++ b/profiles/apparmor.d/abstractions/nameservice
@@ -38,6 +38,9 @@
   # /etc/resolvconf/run/resolv.conf
   /{,var/}run/resolvconf/resolv.conf r,
   /etc/resolvconf/run/resolv.conf r,
+  # on systems using systemd's networkd, /etc/resolv.conf is a symlink to
+  # /run/systemd/resolve/resolv.conf
+  /{,var/}run/systemd/resolve/resolv.conf r,
 
   /etc/samba/lmhosts      r,
   /etc/services           r,