| Thread Previous • Date Previous • Date Next • Thread Next |
On 2012-09-11 22:06, Scott Moser wrote:
I just spoke with jdstrand in #ubuntu-server on this, and he suggested we should SRU a change to isc-dhcp-server to have '#include <isc-dhcpd.d>' in its /etc/apparmor.d/usr.sbin.dhcpd and create that directory on installation.
That'd be great. But we need it fast, and in both Precise and Quantal! It's blocking our ability to restrict dhcpd to the right interfaces. Having this task stuck in mid-execution for so long is not good.
Does that sound about right? We'll need to have an installed snippet that grants these permissions, presumably in /etc/maas somewhere. Scott, would it be possible for you to provide the snippet, have it installed, and patch the local apparmor profile to #include the snippet? I already have an upstart script and I can make the python-side changes to run a customized dhcpd instance.snippet?
Yes, the file that in your terms would be <isc-dhcpd.d/maas>. Once we have this all done on the packaging side, I can make the required changes to trunk. I also have a custom upstart script ready.
Jeroen
| Thread Previous • Date Previous • Date Next • Thread Next |
