[Pkg-libvirt-commits] [libvirt] 01/01: apparmor: add dnsmasq ptrace rule to libvirtd profile

Guido Guenther agx at moszumanska.debian.org
Sat Oct 7 09:01:15 UTC 2017


This is an automated email from the git hooks/post-receive script.

agx pushed a commit to branch debian/sid
in repository libvirt.

commit 646a20fd1b04301b9dc04729473eb89d05ffb3dd
Author: Guido Günther <agx at sigxcpu.org>
Date:   Sat Oct 7 11:00:10 2017 +0200

    apparmor: add dnsmasq ptrace rule to libvirtd profile
---
 ...d-dnsmasq-ptrace-rule-to-libvirtd-profile.patch | 63 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 64 insertions(+)

diff --git a/debian/patches/apparmor-add-dnsmasq-ptrace-rule-to-libvirtd-profile.patch b/debian/patches/apparmor-add-dnsmasq-ptrace-rule-to-libvirtd-profile.patch
new file mode 100644
index 0000000..f6f1322
--- /dev/null
+++ b/debian/patches/apparmor-add-dnsmasq-ptrace-rule-to-libvirtd-profile.patch
@@ -0,0 +1,63 @@
+From: Jim Fehlig <jfehlig at suse.com>
+Date: Fri, 6 Oct 2017 14:20:36 -0600
+Subject: apparmor: add dnsmasq ptrace rule to libvirtd profile
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: base64
+
+Q29tbWl0IGI0ODI5MjVjIGFkZGVkIHB0cmFjZSBydWxlIGZvciB0aGUgYXBwYXJtb3IgcHJvZmls
+ZXMsCmJ1dCBvbmUgd2FzIG1pc3NlZCBpbiB0aGUgbGlidmlydGQgcHJvZmlsZSBmb3IgZG5zbWFz
+cS4gSXQgd2FzCm92ZXJsb29rZWQgc2luY2UgdGhlIHRlc3QgbWFjaGluZSBkaWQgbm90IGhhdmUg
+YW4gYWN0aXZlIGxpYnZpcnQKbmV0d29yayByZXF1aXJpbmcgZG5zbWFzcSB0aGF0IHdhcyBhbHNv
+IHNldCB0byBhdXRvc3RhcnQuIFdpdGgKb25lIGFjdGl2ZSBhbmQgc2V0IHRvIGF1dG9zdGFydCwg
+dGhlIGZvbGxvd2luZyBkZW5pYWwgaXMgb2JzZXJ2ZWQKaW4gYXVkaXQubG9nIHdoZW4gcmVzdGFy
+dGluZyBsaWJ2aXJ0ZAoKdHlwZT1BVkMgbXNnPWF1ZGl0KDE1MDczMjAxMzYuMzA2OjI5OCk6IGFw
+cGFybW9yPSJERU5JRUQiIFwKb3BlcmF0aW9uPSJwdHJhY2UiIHByb2ZpbGU9Ii91c3Ivc2Jpbi9s
+aWJ2aXJ0ZCIgcGlkPTU0NzIgXApjb21tPSJsaWJ2aXJ0ZCIgcmVxdWVzdGVkX21hc2s9InRyYWNl
+IiBkZW5pZWRfbWFzaz0idHJhY2UiIFwKcGVlcj0iL3Vzci9zYmluL2Ruc21hc3EiCgpXaXRoIGFu
+IGFjdGl2ZSBuZXR3b3JrLCBJIHN1c3BlY3QgYSBsaWJ2aXJ0ZCByZXN0YXJ0IGNhdXNlcyBhY2Nl
+c3MKdG8gL3Byb2MvPGRuc21hc3EtcGlkPi8qLCBoZW5jZSB0aGUgcmVzdWx0aW5nIGRlbmlhbC4g
+QXMgYSBuYXN0eQpzaWRlIGFmZmVjdCBvZiB0aGUgZGVuaWFsLCBsaWJ2aXJ0ZCB0aGlua3MgaXQg
+bmVlZHMgdG8gc3Bhd24gYQpkbnNtYXNxIHByb2Nlc3MgZXZlbiB0aG91Z2ggb25lIGlzIGFscmVh
+ZHkgcnVubmluZyBmb3IgdGhlIG5ldHdvcmsuCkUuZy4gYWZ0ZXIgdHdvIGxpYnZpcnRkIHJlc3Rh
+cnRzCgpkbnNtYXNxICAgMTY4MyAgMC4wICAwLjAgIDUxMTg4ICAyNjEyID8gICAgICAgIFMgICAg
+MTI6MDMgICAwOjAwIFwKIC91c3Ivc2Jpbi9kbnNtYXNxIC0tY29uZi1maWxlPS92YXIvbGliL2xp
+YnZpcnQvZG5zbWFzcS9kZWZhdWx0LmNvbmYgXAogLS1sZWFzZWZpbGUtcm8gLS1kaGNwLXNjcmlw
+dD0vdXNyL2xpYjY0L2xpYnZpcnQvbGlidmlydF9sZWFzZXNoZWxwZXIKcm9vdCAgICAgIDE2ODQg
+IDAuMCAgMC4wICA1MTE2MCAgIDU3NiA/ICAgICAgICBTICAgIDEyOjAzICAgMDowMCBcCiAvdXNy
+L3NiaW4vZG5zbWFzcSAtLWNvbmYtZmlsZT0vdmFyL2xpYi9saWJ2aXJ0L2Ruc21hc3EvZGVmYXVs
+dC5jb25mIFwKIC0tbGVhc2VmaWxlLXJvIC0tZGhjcC1zY3JpcHQ9L3Vzci9saWI2NC9saWJ2aXJ0
+L2xpYnZpcnRfbGVhc2VzaGVscGVyCmRuc21hc3EgICA0NzA2ICAwLjAgIDAuMCAgNTExODggIDI1
+NzIgPyAgICAgICAgUyAgICAxMzo1NCAgIDA6MDAgXAogL3Vzci9zYmluL2Ruc21hc3EgLS1jb25m
+LWZpbGU9L3Zhci9saWIvbGlidmlydC9kbnNtYXNxL2RlZmF1bHQuY29uZiBcCiAtLWxlYXNlZmls
+ZS1ybyAtLWRoY3Atc2NyaXB0PS91c3IvbGliNjQvbGlidmlydC9saWJ2aXJ0X2xlYXNlc2hlbHBl
+cgpyb290ICAgICAgNDcwNyAgMC4wICAwLjAgIDUxMTYwICAgNTcyID8gICAgICAgIFMgICAgMTM6
+NTQgICAwOjAwIFwKIC91c3Ivc2Jpbi9kbnNtYXNxIC0tY29uZi1maWxlPS92YXIvbGliL2xpYnZp
+cnQvZG5zbWFzcS9kZWZhdWx0LmNvbmYgXAogLS1sZWFzZWZpbGUtcm8gLS1kaGNwLXNjcmlwdD0v
+dXNyL2xpYjY0L2xpYnZpcnQvbGlidmlydF9sZWFzZXNoZWxwZXIKZG5zbWFzcSAgIDQ3OTEgIDAu
+MCAgMC4wICA1MTE4OCAgMjU4MCA/ICAgICAgICBTICAgIDEzOjU2ICAgMDowMCBcCiAvdXNyL3Ni
+aW4vZG5zbWFzcSAtLWNvbmYtZmlsZT0vdmFyL2xpYi9saWJ2aXJ0L2Ruc21hc3EvZGVmYXVsdC5j
+b25mIFwKIC0tbGVhc2VmaWxlLXJvIC0tZGhjcC1zY3JpcHQ9L3Vzci9saWI2NC9saWJ2aXJ0L2xp
+YnZpcnRfbGVhc2VzaGVscGVyCnJvb3QgICAgICA0NzkyICAwLjAgIDAuMCAgNTExNjAgICA1NzIg
+PyAgICAgICAgUyAgICAxMzo1NiAgIDA6MDAgXAogL3Vzci9zYmluL2Ruc21hc3EgLS1jb25mLWZp
+bGU9L3Zhci9saWIvbGlidmlydC9kbnNtYXNxL2RlZmF1bHQuY29uZiBcCiAtLWxlYXNlZmlsZS1y
+byAtLWRoY3Atc2NyaXB0PS91c3IvbGliNjQvbGlidmlydC9saWJ2aXJ0X2xlYXNlc2hlbHBlcgoK
+QSBzaW1wbGUgZml4IGlzIHRvIGFkZCBhIHB0cmFjZSBydWxlIGZvciBkbnNtYXNxLgoKU2lnbmVk
+LW9mZi1ieTogSmltIEZlaGxpZyA8amZlaGxpZ0BzdXNlLmNvbT4KUmV2aWV3ZWQtQnk6IEd1aWRv
+IEfDvG50aGVyIDxhZ3hAc2lneGNwdS5vcmc+Cg==
+---
+ examples/apparmor/usr.sbin.libvirtd | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
+index 5505bf6..2dc9bb0 100644
+--- a/examples/apparmor/usr.sbin.libvirtd
++++ b/examples/apparmor/usr.sbin.libvirtd
+@@ -39,6 +39,7 @@
+ 
+   ptrace (trace) peer=unconfined,
+   ptrace (trace) peer=/usr/sbin/libvirtd,
++  ptrace (trace) peer=/usr/sbin/dnsmasq,
+   ptrace (trace) peer=libvirt-*,
+ 
+   # Very lenient profile for libvirtd since we want to first focus on confining
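
Review bot: The description in the new debian/patches file is stored base64-encoded (`Content-Transfer-Encoding: base64` followed by the encoded body), so the reason for widening libvirtd's ptrace permission cannot be read in the patch file or in this diff, and the header carries no Origin or upstream commit reference. Re-export the patch with a plain-text body and add an origin line so the rationale for `ptrace (trace) peer=/usr/sbin/dnsmasq,` can be audited where the rule lives. The rule itself is narrowly scoped (trace only, one named peer) and follows the form of the neighbouring `peer=/usr/sbin/libvirtd` line.
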
diff --git a/debian/patches/series b/debian/patches/series
index a18caf4..e2280b7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -16,3 +16,4 @@ debian/Use-upstreams-polkit-rule.patch
 debian/apparmor_profiles_local_include.patch
 Set-defaults-for-zfs-tools.patch
 Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
+apparmor-add-dnsmasq-ptrace-rule-to-libvirtd-profile.patch
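
Review bot: The new entry is appended at the top level of `series` with nothing marking it as a cherry-pick, although the patch header credits a different author (`From: Jim Fehlig <jfehlig at suse.com>`) than the committer. A comment or grouping in `series` would make it easier to drop once the packaged source already contains the rule. It is also ordered after `debian/apparmor_profiles_local_include.patch`; if that patch touches `examples/apparmor/usr.sbin.libvirtd` as well, confirm the `@@ -39,6 +39,7 @@` context still applies cleanly on top of it.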

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-libvirt/libvirt.git


