[pkg-apparmor] Bug#889806: apparmor-profiles: Breaks dnsmasq due to missing chown capability rule
intrigeri at debian.org
intrigeri at debian.org
Wed Feb 7 07:56:26 UTC 2018
Package: apparmor-profiles
Version: 2.12-2
Severity: minor
Tags: upstream
We ship a profile for dnsmasq in complain mode. When it's enforced,
libvirt fails to start networks because starting dnsmasq fails:
kernel: audit: type=1400 audit(1517989885.782:244): apparmor="DENIED" operation="capable" profile="/usr/sbin/dnsmasq" pid=8050 comm="dnsmasq" capability=0 capname="chown"
This is probably caused by:
dnsmasq (2.78-2) unstable; urgency=high
* Change ownership of pid file, to keep systemd happy. (closes: #889336)
-- Simon Kelley <simon at thekelleys.org.uk> Tue, 6 Feb 2018 17:21:30 +0000
I'll submit a fix to apparmor upstream.
Cheers,
--
intrigeri
More information about the pkg-apparmor-team
mailing list