[pkg-apparmor] Bug#810888: bin.ping: does not let iputils-ping read /etc/libnl-3 or @{PROC}/@{pid}/net/psched
intrigeri
intrigeri at debian.org
Wed Jan 13 12:04:00 UTC 2016
Control: tag -1 + upstream
Hi Simon,
let's discuss and polish the patch here, and then I can deal with
upstreaming it.
> Please consider these new rules for /{usr/,}bin/ping:
Thanks!
> /etc/libnl*/** r,
For the dnsmasq profile we have:
/etc/libnl-3/classid r,
Presumably, this would be enough for ping as well. Maybe this would be
more future-proof though:
/etc/libnl-*/classid r,
What do you think?
> @{PROC}/@{pid}/net/psched r,
OK, this makes sense to me.
> The rule for psched can't use "owner" because fsuid != ouid.
Confirmed.
> which address these AppArmor complaints:
Just curious, how can I trigger them locally?
Cheers,
--
intrigeri
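
Added example (not part of the original message, and not AppArmor's own code): a simplified Python model of AppArmor path globbing, in which `*` stays within one path component and `**` crosses `/`, used to compare what the three libnl rule paths discussed above would let ping read. The sample paths are constructed; variables such as @{PROC}, `{a,b}` alternation and character classes are not modelled.

```python
import re

def aa_glob_to_regex(rule_path):
    """Translate a subset of AppArmor path globs (*, **, ?) into a regex.

    Simplified model: variables, {a,b} alternation and [classes] are not handled.
    """
    parts, i = [], 0
    while i < len(rule_path):
        if rule_path.startswith("**", i):
            parts.append(".*")        # ** may cross directory separators
            i += 2
        elif rule_path[i] == "*":
            parts.append("[^/]*")     # * stays inside one path component
            i += 1
        elif rule_path[i] == "?":
            parts.append("[^/]")      # ? is one character, never a slash
            i += 1
        else:
            parts.append(re.escape(rule_path[i]))
            i += 1
    return re.compile("".join(parts), re.DOTALL)

def coverage(rule_paths, sample_paths):
    """Map each rule path to the sample paths it would match."""
    return {
        rule: [p for p in sample_paths if aa_glob_to_regex(rule).fullmatch(p)]
        for rule in rule_paths
    }

# The three candidate rule paths from the thread.
RULES = ["/etc/libnl*/**", "/etc/libnl-3/classid", "/etc/libnl-*/classid"]

# Constructed sample paths, chosen to show where the rules differ.
SAMPLES = [
    "/etc/libnl-3/classid",
    "/etc/libnl-3/pktloc",
    "/etc/libnl-4/classid",        # hypothetical future libnl version
    "/etc/libnl-3/sub/dir/file",
    "/etc/libnlfoo/secret",
    "/etc/passwd",
]

if __name__ == "__main__":
    for rule, matched in coverage(RULES, SAMPLES).items():
        print(f"{rule} r,")
        for path in SAMPLES:
            print(f"    {'ALLOW' if path in matched else 'deny '}  {path}")
```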