** Changed in: apparmor (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1634199
Title:
In 16.10, LXD won't work with enforced dsnmasq profile
To manage not
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1634199
Title:
In 16.10, LXD won't work with enforced dsnmasq profile
To manage no
Patch commited to bzr trunk r3574. AppArmor 2.11 will include it.
** Changed in: apparmor
Status: New => Fix Committed
** Changed in: apparmor
Milestone: None => 2.11
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https:/
dnsmasq.* indeed sounds like a good idea, and shouldn't cause any harm.
I've sent another patch to the mailinglist for review.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1634199
Title:
In 16.10,
Yes, so basically we have:
- dnsmasq.pid (create + read/write by dnsmasq)
- dnsmasq.raw (read by dnsmasq)
- dnsmasq.hosts (read by dnsmasq)
- dnsmasq.leases (create + read/write by dnsmasq)
I'd be tempted to just go with:
/var/lib/lxd/networks/*/dnsmasq.pid rw,
/var/lib/lxd/networks/*/dnsmasq
"c" means to create a file, so you'll need write permissions. Judging on other
rules in the profile, you'll also need read permissions. To sum it up:
/var/lib/lxd/networks/*/dnsmasq.pid rw,
Anything else after adding this?
--
You received this bug notification because you are a member of Ubun
Another message:
audit: type=1400 audit(1476791887.152:118): apparmor="DENIED"
operation="mknod" profile="/usr/sbin/dnsmasq"
name="/var/lib/lxd/networks/lxdbr0/dnsmasq.pid" pid=5480 comm="dnsmasq"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
--
You received this bug notification because you
dnsmasq.leases added in trunk r3573 (before noticing comment #5 ;-)
comment #5 means you'll need to add
/var/lib/lxd/networks/*/dnsmasq.hosts r,
After adding this (and reloading the profile), do you see more DENIED
messages?
--
You received this bug notification because you are a member of
** Branch linked: lp:apparmor
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1634199
Title:
In 16.10, LXD won't work with enforced dsnmasq profile
To manage notifications about this bug go to:
https
I'm afraid it won't be enough...:
audit: type=1400 audit(1476780672.803:99): apparmor="DENIED"
operation="open" profile="/usr/sbin/dnsmasq"
name="/var/lib/lxd/networks/lxdbr0/dnsmasq.hosts" pid=5165
comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
--
You received this bug notific
Thanks for the feedback!
I just submitted the patch for review upstream.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1634199
Title:
In 16.10, LXD won't work with enforced dsnmasq profile
To mana
/var/lib/lxd/networks/*/dnsmasq.leases rw,
should work fine
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1634199
Title:
In 16.10, LXD won't work with enforced dsnmasq profile
To manage notificati
The interface name is decided by the user in LXD 2.3 or higher, so it
can be any valid interface name.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1634199
Title:
In 16.10, LXD won't work with enfo
Sounds like the path changed.
You'll need to add the following rule to /etc/apparmor.d/usr.sbin.dnsmasq (or
to the local/ include):
/var/lib/lxd/networks/lxdbr*/dnsmasq.leases rw,
BTW: Do you know if lxd supports different network interface types that
don't match the lxdbr* name pattern? If ye
14 matches
Mail list logo