From 7714b6288944ba90d2578dfb58c348d39e1ffa9d Mon Sep 17 00:00:00 2001
From: Steve Beattie
Date: Fri, 14 Jan 2011 11:38:56 -0600
Subject: [PATCH] Merge from trunk revision 1620: Attached is an updated dnsmasq profile that fixes the following: - allow net_admin capability for DHCP server - allow net_raw and network inet raw for ICMP pings when used as a DHCP server - allow read and write access to libvirt pid files for dnsmasq See the FAQ in the dnsmasq source for details. This fixes https://launchpad.net/bugs/697239 Nominated-by: Jamie Strandboge Acked-By: Steve Beattie
---
 profiles/apparmor.d/usr.sbin.dnsmasq | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
index a7e12812d..275b773e0 100644
--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -1,4 +1,14 @@
-# Author: John Dong
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2009 John Dong
+# Copyright (C) 2010 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
 #include
 /usr/sbin/dnsmasq {
 #include
@@ -8,6 +18,9 @@
 capability setgid,
 capability setuid,
 capability dac_override,
+ capability net_admin, # for DHCP server
+ capability net_raw, # for DHCP server ping checks
+ network inet raw,
 /etc/dnsmasq.conf r,
 /etc/dnsmasq.d/ r,
@@ -20,4 +33,9 @@
 /var/run/dnsmasq/* rw,
 /var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
+
+ # libvirt pid files for dnsmasq
+ /var/run/libvirt/network/ r,
+ /var/run/libvirt/network/*.pid rw,
+
 }
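Review bot: In the `@@ -8,6 +18,9 @@` hunk, `capability net_admin`, `capability net_raw` and `network inet raw` are granted to every confined dnsmasq, including DNS-only instances that never serve DHCP, and the short trailing comments do not say that the rules are optional. Alongside the existing `capability dac_override` this widens what the profile permits if the daemon is compromised, so the DHCP-only scope should be stated where an administrator will see it, e.g. `# DHCP server only (see the dnsmasq FAQ); DNS-only hosts can remove net_admin, net_raw and 'network inet raw'`. The capability list begins above the hunk, so any other grants are not visible here.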
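Review bot: In the `@@ -20,4 +33,9 @@` hunk, `/var/run/libvirt/network/*.pid rw,` makes every pid file in that directory writable, not just the one owned by the running instance, and the rule also applies to dnsmasq instances that libvirt did not start. Since the profile keeps `capability dac_override` (context of the previous hunk), file ownership does not narrow this further and the path rule is the only limit. The glob probably cannot be tightened because network names vary, but the comment should record the intent, e.g. `# a libvirt-launched dnsmasq writes its own pid file here; nothing else under this directory should be writable`. The added blank line before the closing `}` can be dropped.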