mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 05:47:59 +00:00
Code Issues Releases Wiki Activity

dnsmasq: Adjust pattern for log files to comply SELinux

Browse Source 
i.e. move '*' from beginning to before suffix.

Commit 025c7dc6 ("dnsmasq: Add permission to open log files") added
pattern, which is not compatible with SELinux. As this pattern has been
in SELinux since 2011 (with recent change to accept '.log' suffix +
logrotate patterns which are not relevant to AppArmor) IMHO it's better
to adjust our profile.

Fixes: 025c7dc6 ("dnsmasq: Add permission to open log files")
PR: PR: https://gitlab.com/apparmor/apparmor/merge_requests/288
Signed-off-by: Petr Vorel <pvorel@suse.cz>
(cherry picked from commit 3ef8df6ac05057e46720b2eba099bad3416f763b)
Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
Petr Vorel 2018-12-07 23:40:19 +01:00 committed by John Johansen
parent c044757de9
commit 7dce58987f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
profiles/apparmor.d/usr.sbin.dnsmasq
View File

@ -45,7 +45,7 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
/usr/{bin,sbin}/dnsmasq mr,
/var/log/*dnsmasq.log w,
/var/log/dnsmasq*.log w,
/usr/share/dnsmasq/ r,
/usr/share/dnsmasq/* r,