mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00
Code Issues Releases Wiki Activity

profiles: dhclient: allow setting task comm name

Browse Source 
dhclient wants to set its thread names to functional names for
introspection purposes. Eg.

$ pstree -at 3395
dhclient ens3
  ├─{isc-socket}
  ├─{isc-timer}
  └─{isc-worker0000}

When denied this can result in dhclient breaking and failing to obtain
IPv4 addresses.

Fixes: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1918410
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
This commit is contained in:
John Johansen 2021-03-29 15:34:43 -07:00
parent c32c970d00
commit c734839551
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
profiles/apparmor/profiles/extras/sbin.dhclient
View File

@ -48,6 +48,11 @@ profile dhclient /{usr/,}sbin/dhclient {
@{PROC}/interrupts r, @{PROC}/interrupts r,
@{PROC}/@{pid}/net/dev r, @{PROC}/@{pid}/net/dev r,
@{PROC}/rtc r, @{PROC}/rtc r,
# dhcliet wants to update its threads with functional names
# see lp1918410
owner @{PROC}/@{pid}/task/[0-9]*/comm rw,
# following rule shouldn't work, self is a symlink # following rule shouldn't work, self is a symlink
@{PROC}/self/status r, @{PROC}/self/status r,
/{usr/,}sbin/arp mrix, /{usr/,}sbin/arp mrix,