From 562c98d77cc588609ce2513a7730df22e1b84410 Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Fri, 18 Sep 2015 19:06:47 +0200 Subject: [PATCH] dnsmasq profile - also allow /bin/sh This patch is based on a SLE12 patch to allow executing the --dhcp-script. We already have most parts of that patch since r2841, however the SLE bugreport indicates that /bin/sh is executed (which is usually a symlink to /bin/bash or /bin/dash), so we should also allow /bin/sh References: https://bugzilla.opensuse.org/show_bug.cgi?id=940749 (non-public) Acked-by: Seth Arnold for trunk and 2.9 --- profiles/apparmor.d/usr.sbin.dnsmasq | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq index 90c385a0a..f4c0c072c 100644 --- a/profiles/apparmor.d/usr.sbin.dnsmasq +++ b/profiles/apparmor.d/usr.sbin.dnsmasq @@ -45,7 +45,7 @@ /var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage - /bin/{b,d}ash ix, # Required to execute --dhcp-script argument + /bin/{ba,da,}sh ix, # Required to execute --dhcp-script argument # access to iface mtu needed for Router Advertisement messages in IPv6 # Neighbor Discovery protocol (RFC 2461)