touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #78739
[Bug 1403468] Re: dnsmasq profile incomplete for lxc usage
This will be addressed in wily by apparmor 2.9.2-0ubuntu1. Attached is a
patch for trusty.
** Patch added: "dnsmasq-lxc_networking-lp1403468.patch"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1403468/+attachment/4399532/+files/dnsmasq-lxc_networking-lp1403468.patch
** Description changed:
+ [impact]
+
+ This bug prevents the proper functioning of sdsnmasq under lxc
+
+ [steps to reproduce]
+
+ 1) install lxc
+ 2) start container, do dns lookups within it
+ 3) with the fix applied, dnsmasq in the host os should not generate
+ apparmor rejections in syslog
+
+ [regression potential]
+
+ The change in the patch for this bug is a slight loosening of the
+ apparmor policy for dnsmasq. The risk of an introduced regression
+ is small.
+
+ [original description]
+
Hi,
I am using the dnsmasq profile with lxc, and I am getting DENIED
messages like:
Dec 16 22:26:58 superstar kernel: [226445.568383] type=1400
audit(1418768818.310:865): apparmor="DENIED" operation="truncate"
profile="/usr/sbin/dnsmasq" name="/var/lib/misc/dnsmasq.lxcbr0.leases"
pid=1472 comm="dnsmasq" requested_mask="w" denied_mask="w" fsuid=118
ouid=0
Adding rw for that path obviously makes it go away, and seems like a
reasonable change.
Thanks,
James
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: apparmor-profiles 2.8.95~2430-0ubuntu5.1
ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11
Uname: Linux 3.13.0-43-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Dec 17 11:27:18 2014
PackageArchitecture: all
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-3.13.0-43-generic root=/dev/mapper/hostname--vg-root ro quiet splash vt.handoff=7
SourcePackage: apparmor
Syslog:
-
+
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.apparmor.d.usr.sbin.avahi.daemon: [modified]
mtime.conffile..etc.apparmor.d.usr.sbin.avahi.daemon: 2014-12-16T20:38:31.370339
mtime.conffile..etc.apparmor.d.usr.sbin.dnsmasq: 2014-12-17T11:21:47.159017
** Changed in: apparmor (Ubuntu)
Status: New => In Progress
** Description changed:
[impact]
- This bug prevents the proper functioning of sdsnmasq under lxc
+ This bug prevents the proper functioning of dsnmasq under lxc
[steps to reproduce]
1) install lxc
2) start container, do dns lookups within it
3) with the fix applied, dnsmasq in the host os should not generate
apparmor rejections in syslog
[regression potential]
The change in the patch for this bug is a slight loosening of the
apparmor policy for dnsmasq. The risk of an introduced regression
is small.
[original description]
Hi,
I am using the dnsmasq profile with lxc, and I am getting DENIED
messages like:
Dec 16 22:26:58 superstar kernel: [226445.568383] type=1400
audit(1418768818.310:865): apparmor="DENIED" operation="truncate"
profile="/usr/sbin/dnsmasq" name="/var/lib/misc/dnsmasq.lxcbr0.leases"
pid=1472 comm="dnsmasq" requested_mask="w" denied_mask="w" fsuid=118
ouid=0
Adding rw for that path obviously makes it go away, and seems like a
reasonable change.
Thanks,
James
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: apparmor-profiles 2.8.95~2430-0ubuntu5.1
ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11
Uname: Linux 3.13.0-43-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Dec 17 11:27:18 2014
PackageArchitecture: all
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-3.13.0-43-generic root=/dev/mapper/hostname--vg-root ro quiet splash vt.handoff=7
SourcePackage: apparmor
Syslog:
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.apparmor.d.usr.sbin.avahi.daemon: [modified]
mtime.conffile..etc.apparmor.d.usr.sbin.avahi.daemon: 2014-12-16T20:38:31.370339
mtime.conffile..etc.apparmor.d.usr.sbin.dnsmasq: 2014-12-17T11:21:47.159017
** Description changed:
[impact]
- This bug prevents the proper functioning of dsnmasq under lxc
+ This bug prevents the proper functioning of dnsmasq under lxc
[steps to reproduce]
1) install lxc
2) start container, do dns lookups within it
3) with the fix applied, dnsmasq in the host os should not generate
apparmor rejections in syslog
[regression potential]
The change in the patch for this bug is a slight loosening of the
apparmor policy for dnsmasq. The risk of an introduced regression
is small.
[original description]
Hi,
I am using the dnsmasq profile with lxc, and I am getting DENIED
messages like:
Dec 16 22:26:58 superstar kernel: [226445.568383] type=1400
audit(1418768818.310:865): apparmor="DENIED" operation="truncate"
profile="/usr/sbin/dnsmasq" name="/var/lib/misc/dnsmasq.lxcbr0.leases"
pid=1472 comm="dnsmasq" requested_mask="w" denied_mask="w" fsuid=118
ouid=0
Adding rw for that path obviously makes it go away, and seems like a
reasonable change.
Thanks,
James
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: apparmor-profiles 2.8.95~2430-0ubuntu5.1
ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11
Uname: Linux 3.13.0-43-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Dec 17 11:27:18 2014
PackageArchitecture: all
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-3.13.0-43-generic root=/dev/mapper/hostname--vg-root ro quiet splash vt.handoff=7
SourcePackage: apparmor
Syslog:
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.apparmor.d.usr.sbin.avahi.daemon: [modified]
mtime.conffile..etc.apparmor.d.usr.sbin.avahi.daemon: 2014-12-16T20:38:31.370339
mtime.conffile..etc.apparmor.d.usr.sbin.dnsmasq: 2014-12-17T11:21:47.159017
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1403468
Title:
dnsmasq profile incomplete for lxc usage
Status in AppArmor Linux application security framework:
Fix Released
Status in apparmor package in Ubuntu:
In Progress
Bug description:
[impact]
This bug prevents the proper functioning of dnsmasq under lxc
[steps to reproduce]
1) install lxc
2) start container, do dns lookups within it
3) with the fix applied, dnsmasq in the host os should not generate
apparmor rejections in syslog
[regression potential]
The change in the patch for this bug is a slight loosening of the
apparmor policy for dnsmasq. The risk of an introduced regression
is small.
[original description]
Hi,
I am using the dnsmasq profile with lxc, and I am getting DENIED
messages like:
Dec 16 22:26:58 superstar kernel: [226445.568383] type=1400
audit(1418768818.310:865): apparmor="DENIED" operation="truncate"
profile="/usr/sbin/dnsmasq" name="/var/lib/misc/dnsmasq.lxcbr0.leases"
pid=1472 comm="dnsmasq" requested_mask="w" denied_mask="w" fsuid=118
ouid=0
Adding rw for that path obviously makes it go away, and seems like a
reasonable change.
Thanks,
James
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: apparmor-profiles 2.8.95~2430-0ubuntu5.1
ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11
Uname: Linux 3.13.0-43-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Dec 17 11:27:18 2014
PackageArchitecture: all
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-3.13.0-43-generic root=/dev/mapper/hostname--vg-root ro quiet splash vt.handoff=7
SourcePackage: apparmor
Syslog:
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.apparmor.d.usr.sbin.avahi.daemon: [modified]
mtime.conffile..etc.apparmor.d.usr.sbin.avahi.daemon: 2014-12-16T20:38:31.370339
mtime.conffile..etc.apparmor.d.usr.sbin.dnsmasq: 2014-12-17T11:21:47.159017
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1403468/+subscriptions
References
