[pkg-apparmor] Bug#810888: bin.ping: does not let iputils-ping read /etc/libnl-3 or @{PROC}/@{pid}/net/psched
Simon McVittie
smcv at debian.org
Wed Jan 13 17:33:20 UTC 2016
On 13/01/16 12:04, intrigeri wrote:
> For the dnsmasq profile we have:
>
> /etc/libnl-3/classid r,
>
> Presumably, this would be enough for ping as well.
I didn't want to have to update it if ping starts using more libnl
features; no other reason. The other file in that directory at the
moment is "pktloc" which also seems to be a table of static data.
To be honest, both of those should probably be in /usr/share (although
<abstractions/base> doesn't actually allow all of /usr/share like I
thought it did); maybe I should be filing a wishlist bug against
libnl-3-200 as well.
>> which address these AppArmor complaints:
>
> Just curious, how can I trigger them locally?
Have "apparmor=1 security=apparmor" on the kernel command line; have
iputils-ping installed; "ping 8.8.8.8" or something.
S
More information about the pkg-apparmor-team
mailing list