Re: [apparmor] [patch] nameservice: read permission to avahi socket

John Johansen Tue, 05 Nov 2013 15:08:09 -0800

On 11/02/2013 08:15 AM, Felix Geyer wrote:
> Hi,
> 
> AppArmor requires read and write permission to connect to
> unix domain sockets but the nameservice abstraction only
> grants write access to the avahi socket.
> As a result mdns name resolution fails.
> 
> I propose this simple patch to add the read permission:
> 
> === modified file 'profiles/apparmor.d/abstractions/nameservice'
> --- profiles/apparmor.d/abstractions/nameservice      2013-01-02 23:34:38 
> +0000
> +++ profiles/apparmor.d/abstractions/nameservice      2013-11-02 15:03:20 
> +0000
> @@ -50,7 +50,7 @@
>    /etc/default/nss               r,
> 
>    # avahi-daemon is used for mdns4 resolution
> -  /{,var/}run/avahi-daemon/socket w,
> +  /{,var/}run/avahi-daemon/socket rw,
> 
>    # nis
>    #include <abstractions/nis>
> 
yep this is true for saucy and on


Acked-by: John Johansen <[email protected]>


-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Re: [apparmor] [patch] nameservice: read permission to avahi socket

Reply via email to