[apparmor] [patch] nameservice: read permission to avahi socket

Felix Geyer Sat, 02 Nov 2013 08:16:37 -0700

Hi,

AppArmor requires read and write permission to connect to
unix domain sockets but the nameservice abstraction only
grants write access to the avahi socket.
As a result mdns name resolution fails.


I propose this simple patch to add the read permission:

=== modified file 'profiles/apparmor.d/abstractions/nameservice'
--- profiles/apparmor.d/abstractions/nameservice        2013-01-02 23:34:38 
+0000
+++ profiles/apparmor.d/abstractions/nameservice        2013-11-02 15:03:20 
+0000
@@ -50,7 +50,7 @@
   /etc/default/nss               r,

   # avahi-daemon is used for mdns4 resolution
-  /{,var/}run/avahi-daemon/socket w,
+  /{,var/}run/avahi-daemon/socket rw,

   # nis
   #include <abstractions/nis>

Regards,
Felix

-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

[apparmor] [patch] nameservice: read permission to avahi socket

Reply via email to