[pkg-apparmor] Bug#934869: /etc/apparmor.d/usr.sbin.dnsmasq: profile doesn’t allow dnsmasq-base DNSSEC files
James Rowe
jnrowe at gmail.com
Fri Aug 16 03:48:24 BST 2019
Package: apparmor-profiles
Version: 2.13.2-10
Severity: normal
File: /etc/apparmor.d/usr.sbin.dnsmasq
Dear Maintainer,
If DNSSEC validation is enabled in the dnsmasq config file then the
/usr/share/dnsmasq-base/trust-anchors.conf should be read by dnsmasq.
However, the profile doesn’t allow access to it.
The following simple patch enables reading the DNS setup from
dnsmasq-base:
--- a/usr.sbin.dnsmasq
+++ b/usr.sbin.dnsmasq
@@ -51,6 +51,8 @@
/usr/share/dnsmasq/ r,
/usr/share/dnsmasq/* r,
+ /usr/share/dnsmasq-base/ r,
+ /usr/share/dnsmasq-base/* r,
/{,var/}run/*dnsmasq*.pid w,
/{,var/}run/dnsmasq-forwarders.conf r,
Thanks,
James
-- System Information:
Debian Release: 10.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages apparmor-profiles depends on:
ii apparmor 2.13.2-10
apparmor-profiles recommends no packages.
apparmor-profiles suggests no packages.
-- no debconf information
More information about the pkg-apparmor-team
mailing list