Merge dnsmasq: allow paths for podman dnsname plugin

The dnsname plugin in podman needs access to some files in /run/containers/cni/dnsname/*/ This is also documented upstream: https://github.com/containers/dnsname/blob/main/README_PODMAN.md but nobody thought about telling us to just update the profile :-/ Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1190271 MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/800 Acked-by: John Johansen <john.johansen@canonical.com>
2025-03-04 08:24:42 +01:00 · 2021-09-16 21:33:02 +00:00 · 2021-09-16 21:33:02 +00:00 · 3b6257edea
commit 3b6257edea
parent c37586cd11 254ebacbd8
1 changed files with 5 additions and 0 deletions
--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
@ -107,6 +107,11 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
  @{run}/NetworkManager/dnsmasq.pid w,
  @{run}/NetworkManager/NetworkManager.pid w,

+  # dnsname plugin in podman
+  @{run}/containers/cni/dnsname/*/dnsmasq.conf r,
+  @{run}/containers/cni/dnsname/*/addnhosts r,
+  @{run}/containers/cni/dnsname/*/pidfile rw,
+
  profile libvirt_leaseshelper {
    include <abstractions/base>