From af6bf8238954f16a66f410777bf46dced61428a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladimir=20=E2=80=9CEquidamoid=E2=80=9D=20Shapranov=20=40e?=
 =?UTF-8?q?quidamoid?= <gitlab@mg.gitlab.com>
Date: Sat, 28 Mar 2020 12:42:13 -0700
Subject: [PATCH] Invalid path to libvirt_leaseshelper in usr.sbin.dnsmasq

The error:

type=AVC msg=audit(1585403559.846:34317577): apparmor="DENIED" operation="exec" profile="/usr/sbin/dnsmasq" name="/usr/libexec/libvirt_leaseshelper" pid=7162 comm="sh" requested_mas
k="x" denied_mask="x" fsuid=0 ouid=0
type=AVC msg=audit(1585403559.846:34317578): apparmor="DENIED" operation="open" profile="/usr/sbin/dnsmasq" name="/usr/libexec/libvirt_leaseshelper" pid=7162 comm="sh" requested_mas
k="r" denied_mask="r" fsuid=0 ouid=0

Looks like the path to libvirt_leasehelper is incorrect usr.sbin.dnsmasq, at least in gentoo. Patching the file fixes the problem:

issue: https://gitlab.com/apparmor/apparmor/-/issues/87
Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 28fce5f76d43bda3be66449a2439cd56bea80fba)
---
 profiles/apparmor.d/usr.sbin.dnsmasq | 1 +
 1 file changed, 1 insertion(+)

diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
index fd79a7728..d0f5a4fb9 100644
--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -89,6 +89,7 @@ profile /usr/sbin/dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
 
   # libvirt lease helper
   /usr/lib{,64}/libvirt/libvirt_leaseshelper Cx -> libvirt_leaseshelper,
+  /usr/libexec/libvirt_leaseshelper Cx -> libvirt_leaseshelper,
 
   # lxc-net pid and lease files
   /{,var/}run/lxc/dnsmasq.pid    rw,