touch-packages team mailing list archive
Message #80332
[Bug 1403468] Re: dnsmasq profile incomplete for lxc usage
** Branch linked: lp:ubuntu/trusty-proposed/apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1403468
Title:
dnsmasq profile incomplete for lxc usage
Status in AppArmor Linux application security framework:
Fix Released
Status in apparmor package in Ubuntu:
In Progress
Bug description:
[impact]
This bug prevents the proper functioning of dnsmasq under lxc.
[steps to reproduce]
1) install lxc
2) start container, do dns lookups within it
3) with the fix applied, dnsmasq in the host os should not generate
apparmor rejections in syslog
[regression potential]
The change in the patch for this bug is a slight loosening of the
apparmor policy for dnsmasq. The risk of an introduced regression
is small.
[original description]
Hi,
I am using the dnsmasq profile with lxc, and I am getting DENIED
messages like:
Dec 16 22:26:58 superstar kernel: [226445.568383] type=1400
audit(1418768818.310:865): apparmor="DENIED" operation="truncate"
profile="/usr/sbin/dnsmasq" name="/var/lib/misc/dnsmasq.lxcbr0.leases"
pid=1472 comm="dnsmasq" requested_mask="w" denied_mask="w" fsuid=118
ouid=0
Adding rw for that path obviously makes it go away, and seems like a
reasonable change.
Thanks,
James
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: apparmor-profiles 2.8.95~2430-0ubuntu5.1
ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11
Uname: Linux 3.13.0-43-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Dec 17 11:27:18 2014
PackageArchitecture: all
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-3.13.0-43-generic root=/dev/mapper/hostname--vg-root ro quiet splash vt.handoff=7
SourcePackage: apparmor
Syslog:
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.apparmor.d.usr.sbin.avahi.daemon: [modified]
mtime.conffile..etc.apparmor.d.usr.sbin.avahi.daemon: 2014-12-16T20:38:31.370339
mtime.conffile..etc.apparmor.d.usr.sbin.dnsmasq: 2014-12-17T11:21:47.159017
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1403468/+subscriptions
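An added example (not part of the bug report or the AppArmor project's own code): it parses the DENIED audit line quoted in the report and derives the narrowest candidate file rule for the named profile. The second log line, the function names, and the choice to emit rules only for r/w masks are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# The denial from the report, with the mail line-wrapping removed.
REPORTED = (
    'Dec 16 22:26:58 superstar kernel: [226445.568383] type=1400 '
    'audit(1418768818.310:865): apparmor="DENIED" operation="truncate" '
    'profile="/usr/sbin/dnsmasq" name="/var/lib/misc/dnsmasq.lxcbr0.leases" '
    'pid=1472 comm="dnsmasq" requested_mask="w" denied_mask="w" fsuid=118 ouid=0'
)
# Constructed line (not from the report): an ALLOWED event, which must be ignored.
CONSTRUCTED = (
    'Dec 16 22:27:01 superstar kernel: [226448.100000] type=1400 '
    'audit(1418768821.000:866): apparmor="ALLOWED" operation="open" '
    'profile="/usr/sbin/dnsmasq" name="/etc/hosts" '
    'pid=1472 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=118 ouid=0'
)
SAMPLE_LOG = REPORTED + '\n' + CONSTRUCTED + '\n'

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted" or key=bare

def parse_event(line):
    """Return the key=value fields of an AppArmor audit line, or None."""
    if 'apparmor=' not in line:
        return None
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(line)}

def denials(log_text):
    """Map (profile, path) -> set of denied permission letters."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev and ev.get('apparmor') == 'DENIED' and 'name' in ev:
            found[(ev.get('profile', '?'), ev['name'])].update(ev.get('denied_mask', ''))
    return dict(found)

def candidate_rules(log_text):
    """Per profile, file rules granting only what was denied (r/w only)."""
    rules = defaultdict(list)
    for (profile, path), mask in sorted(denials(log_text).items()):
        perms = ''.join(p for p in 'rw' if p in mask)
        if perms:  # other mask letters are left for manual review (assumption)
            rules[profile].append(f'{path} {perms},')
    return dict(rules)

if __name__ == '__main__':
    for profile, lines in candidate_rules(SAMPLE_LOG).items():
        print(profile, *lines, sep='\n  ')
```

The output lists each profile followed by candidate rules limited to the access the kernel actually denied; any rule should be reviewed against what the confined service needs before it is added to the profile.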