Your message dated Tue, 29 Mar 2016 21:49:51 +0000
with message-id <[email protected]>
and subject line Bug#813835: fixed in apparmor 2.10-4
has caused the Debian Bug report #813835,
regarding abstractions/nameservice: does not allow NetworkManager without resolvconf
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
813835: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813835
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: apparmor
Version: 2.10-3
Severity: normal
Tags: upstream patch

On systems with NetworkManager but no resolvconf, /etc/resolv.conf
is a symlink to /var/run/NetworkManager/resolv.conf:

lrwxrwxrwx 1 root root 35 Feb  5 17:07 /etc/resolv.conf -> /var/run/NetworkManager/resolv.conf

leading to denials like this:

Feb 05 17:20:09 archetype kernel: audit: type=1400 audit(1454692809.391:306): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/run/NetworkManager/resolv.conf" pid=1032 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=124 ouid=0

I would like to propose this patch:

--- /etc/apparmor.d/abstractions/nameservice    2016-02-02 13:49:52.929534484 
+0000
+++ /home/smcv/tmp/nameservice  2016-02-05 17:34:58.929681171 +0000
@@ -35,8 +35,9 @@
   /etc/resolv.conf        r,
   # on systems using resolvconf, /etc/resolv.conf is a symlink to
   # /{,var/}run/resolvconf/resolv.conf and a file sometimes referenced in
-  # /etc/resolvconf/run/resolv.conf
-  /{,var/}run/resolvconf/resolv.conf r,
+  # /etc/resolvconf/run/resolv.conf. Similarly, if NetworkManager is used
+  # without resolvconf, /etc/resolv.conf is a symlink to its own resolv.conf.
+  /{,var/}run/{resolvconf,NetworkManager}/resolv.conf r,
   /etc/resolvconf/run/resolv.conf r,
 
   /etc/samba/lmhosts      r,
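
Review bot: the reworded comment above the changed rule says "its own resolv.conf" without naming the path, so a reader of the abstraction has to expand the brace group on the rule to learn which file is meant; name /{,var/}run/NetworkManager/resolv.conf in the comment. The rule keeps the same read-only "r" permission as the resolvconf line it replaces, and the {,var/} alternation covers the /run/NetworkManager/resolv.conf name seen in the denial as well as the /var/run symlink target. If systemd/resolve is added to the {} group as suggested below, extend this same rule and its comment rather than adding a separate line, so all the symlink targets of /etc/resolv.conf stay documented in one place.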

For a bit of future-proofing, you might also want to allow systemd/resolve
as a third option in the {} group (see systemd-resolved(8) for details).

Regards,
    S

--- End Message ---
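
As an added example (not part of the bug report or of the apparmor package), the Python sketch below parses the denial quoted in the report and tests the denied path against the abstraction's resolv.conf rules before and after the proposed patch. The matcher is a simplification that expands only non-nested {a,b} alternations, and the function names are illustrative.

```python
import re
from itertools import product

# Constructed from the denial quoted in the report, joined onto one line.
DENIAL = ('Feb 05 17:20:09 archetype kernel: audit: type=1400 '
          'audit(1454692809.391:306): apparmor="DENIED" operation="open" '
          'profile="/usr/bin/freshclam" name="/run/NetworkManager/resolv.conf" '
          'pid=1032 comm="freshclam" requested_mask="r" denied_mask="r" '
          'fsuid=124 ouid=0')

# File rules taken from the hunk: the abstraction before and after the patch.
OLD_RULES = ["/etc/resolv.conf r,",
             "/{,var/}run/resolvconf/resolv.conf r,",
             "/etc/resolvconf/run/resolv.conf r,"]
NEW_RULES = ["/etc/resolv.conf r,",
             "/{,var/}run/{resolvconf,NetworkManager}/resolv.conf r,",
             "/etc/resolvconf/run/resolv.conf r,"]

def parse_denial(line):
    """Return the key=value fields of an AppArmor audit line, quotes removed."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def expand_braces(pattern):
    """Expand non-nested {a,b} alternations into the literal paths they name.
    Simplification: AppArmor globs (*, **, ?) are not handled here."""
    parts = re.split(r'\{([^{}]*)\}', pattern)
    choices = [p.split(',') if i % 2 else [p] for i, p in enumerate(parts)]
    return {''.join(combo) for combo in product(*choices)}

def allowed(rules, path, mask):
    """True if some rule names `path` and grants every permission in `mask`."""
    for rule in rules:
        pattern, perms = rule.rstrip(',').split()
        if path in expand_braces(pattern) and set(mask) <= set(perms):
            return True
    return False

def check(rules, line=DENIAL):
    # AppArmor mediates the resolved path, so the audit record names the
    # symlink target, not /etc/resolv.conf; that is the path to test.
    fields = parse_denial(line)
    return allowed(rules, fields["name"], fields["denied_mask"])

if __name__ == "__main__":
    print("before patch:", check(OLD_RULES))
    print("after patch: ", check(NEW_RULES))
```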
--- Begin Message ---
Source: apparmor
Source-Version: 2.10-4

We believe that the bug you reported is fixed in the latest version of
apparmor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Geyer <[email protected]> (supplier of updated apparmor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])



Format: 1.8
Date: Tue, 29 Mar 2016 22:30:30 +0200
Source: apparmor
Binary: apparmor apparmor-utils apparmor-profiles apparmor-docs libapparmor-dev libapparmor1 libapparmor-perl libapache2-mod-apparmor libpam-apparmor apparmor-notify python-libapparmor python3-libapparmor python-apparmor python3-apparmor dh-apparmor apparmor-easyprof
Architecture: source
Version: 2.10-4
Distribution: unstable
Urgency: medium
Maintainer: Debian AppArmor Team <[email protected]>
Changed-By: Felix Geyer <[email protected]>
Description:
 apparmor   - user-space parser utility for AppArmor
 apparmor-docs - documentation for AppArmor
 apparmor-easyprof - AppArmor easyprof profiling tool
 apparmor-notify - AppArmor notification system
 apparmor-profiles - profiles for AppArmor Security policies
 apparmor-utils - utilities for controlling AppArmor
 dh-apparmor - AppArmor debhelper routines
 libapache2-mod-apparmor - changehat AppArmor library as an Apache module
 libapparmor-dev - AppArmor development libraries and header files
 libapparmor-perl - AppArmor library Perl bindings
 libapparmor1 - changehat AppArmor library
 libpam-apparmor - changehat AppArmor library as a PAM module
 python-apparmor - AppArmor Python utility library
 python-libapparmor - AppArmor library Python bindings
 python3-apparmor - AppArmor Python3 utility library
 python3-libapparmor - AppArmor library Python3 bindings
Closes: 813835
Changes:
 apparmor (2.10-4) unstable; urgency=medium
 .
   * Team upload.
   * Backport latest nameservice abstraction. (Closes: #813835)
     - Allows reading resolv.conf from NetworkManager and systemd-networkd.
     - Add nameservice-abstraction.patch

--- End Message ---
