From 4564d82d523a351f100b0665d91f4ab67f66219f Mon Sep 17 00:00:00 2001
From: intrigeri
Date: Wed, 10 Feb 2016 11:06:38 +0100
Subject: [PATCH 1/2] abstractions/nameservice: support systems with NetworkManager but no resolvconf where /etc/resolv.conf is a symlink to /var/run/NetworkManager/resolv.conf. Patch proposed by Simon McVittie . Closes: Debian#813835
---
 profiles/apparmor.d/abstractions/nameservice | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/profiles/apparmor.d/abstractions/nameservice b/profiles/apparmor.d/abstractions/nameservice
index 27dc2ac9a..ec844fa00 100644
--- a/profiles/apparmor.d/abstractions/nameservice
+++ b/profiles/apparmor.d/abstractions/nameservice
@@ -35,8 +35,9 @@
 /etc/resolv.conf r,
 # on systems using resolvconf, /etc/resolv.conf is a symlink to
 # /{,var/}run/resolvconf/resolv.conf and a file sometimes referenced in
- # /etc/resolvconf/run/resolv.conf
- /{,var/}run/resolvconf/resolv.conf r,
+ # /etc/resolvconf/run/resolv.conf. Similarly, if NetworkManager is used
+ # without resolvconf, /etc/resolv.conf is a symlink to its own resolv.conf.
+ /{,var/}run/{resolvconf,NetworkManager}/resolv.conf r,
 /etc/resolvconf/run/resolv.conf r,
 # on systems using systemd's networkd, /etc/resolv.conf is a symlink to
 # /run/systemd/resolve/resolv.conf
From de9c5ed33b203e4dd02220ec3f6374c11364d46b Mon Sep 17 00:00:00 2001
From: intrigeri
Date: Wed, 10 Feb 2016 11:09:24 +0100
Subject: [PATCH 2/2] abstractions/nameservice: factorize to de-duplicate a bit.
---
 profiles/apparmor.d/abstractions/nameservice | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/profiles/apparmor.d/abstractions/nameservice b/profiles/apparmor.d/abstractions/nameservice
index ec844fa00..9cde5e7c9 100644
--- a/profiles/apparmor.d/abstractions/nameservice
+++ b/profiles/apparmor.d/abstractions/nameservice
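Review bot: In the `@@ -35,8 +35,9 @@` hunk of patch 1/2, the added comment says /etc/resolv.conf is a symlink to NetworkManager's "own resolv.conf" without naming the target, unlike the resolvconf and systemd-networkd comments around it, which spell their paths out. Because the rule is an access grant in a shared abstraction, the comment should let a reader match it to a path without expanding the alternation by hand, for example `# without resolvconf, /etc/resolv.conf is a symlink to /{,var/}run/NetworkManager/resolv.conf.` (the commit message gives the /var/run form). The rest of the abstraction lies outside the hunk.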
@@ -37,11 +37,10 @@
 # /{,var/}run/resolvconf/resolv.conf and a file sometimes referenced in
 # /etc/resolvconf/run/resolv.conf. Similarly, if NetworkManager is used
 # without resolvconf, /etc/resolv.conf is a symlink to its own resolv.conf.
- /{,var/}run/{resolvconf,NetworkManager}/resolv.conf r,
+ # Finally, on systems using systemd's networkd, /etc/resolv.conf is
+ # a symlink to /run/systemd/resolve/resolv.conf
+ /{,var/}run/{resolvconf,NetworkManager,systemd/resolve}/resolv.conf r,
 /etc/resolvconf/run/resolv.conf r,
- # on systems using systemd's networkd, /etc/resolv.conf is a symlink to
- # /run/systemd/resolve/resolv.conf
- /{,var/}run/systemd/resolve/resolv.conf r,
 /etc/samba/lmhosts r,
 /etc/services r,
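Review bot: The merged rule `/{,var/}run/{resolvconf,NetworkManager,systemd/resolve}/resolv.conf r,` is harder to audit than the two rules it replaces. A search of the policy for a literal path such as `run/systemd/resolve/resolv.conf` or `run/NetworkManager/resolv.conf` no longer lands on a rule line, and dropping one provider later means editing a shared alternation. As far as the hunk shows, the expansion covers the same read-only paths as before, so nothing is widened, but the saving is a single line (3 insertions, 4 deletions). I would keep one rule per provider directly under its comment, or at least have the comment list the three expanded directories. The abstraction continues outside the hunk.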