mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-29 13:28:19 +00:00
Code Issues Releases Wiki Activity

Invalid path to libvirt_leaseshelper in usr.sbin.dnsmasq

Browse Source 
The error:

type=AVC msg=audit(1585403559.846:34317577): apparmor="DENIED" operation="exec" profile="/usr/sbin/dnsmasq" name="/usr/libexec/libvirt_leaseshelper" pid=7162 comm="sh" requested_mas
k="x" denied_mask="x" fsuid=0 ouid=0
type=AVC msg=audit(1585403559.846:34317578): apparmor="DENIED" operation="open" profile="/usr/sbin/dnsmasq" name="/usr/libexec/libvirt_leaseshelper" pid=7162 comm="sh" requested_mas
k="r" denied_mask="r" fsuid=0 ouid=0

Looks like the path to libvirt_leasehelper is incorrect usr.sbin.dnsmasq, at least in gentoo. Patching the file fixes the problem:

issue: https://gitlab.com/apparmor/apparmor/-/issues/87
Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 28fce5f76d43bda3be66449a2439cd56bea80fba)
This commit is contained in:
Vladimir “Equidamoid” Shapranov @equidamoid 2020-03-28 12:42:13 -07:00 committed by Christian Boltz
parent 02dce59d29
commit af6bf82389
No known key found for this signature in database
GPG Key ID: C6A682EA63C82F1C
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
profiles/apparmor.d/usr.sbin.dnsmasq
View File

@ -89,6 +89,7 @@ profile /usr/sbin/dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
# libvirt lease helper # libvirt lease helper
/usr/lib{,64}/libvirt/libvirt_leaseshelper Cx -> libvirt_leaseshelper, /usr/lib{,64}/libvirt/libvirt_leaseshelper Cx -> libvirt_leaseshelper,
/usr/libexec/libvirt_leaseshelper Cx -> libvirt_leaseshelper,
# lxc-net pid and lease files # lxc-net pid and lease files
/{,var/}run/lxc/dnsmasq.pid rw, /{,var/}run/lxc/dnsmasq.pid rw,