mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge dnsmasq: allow paths for podman dnsname plugin in rootless mode

Browse source 
In rootless mode, files needed to access are under /run/user/, so those needs to be defined separately.

similar change than https://gitlab.com/apparmor/apparmor/-/merge_requests/800 but adds permissions for rootless mode.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/909
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: Christian Boltz <apparmor@cboltz.de>
This commit is contained in:
Christian Boltz 2022-08-22 11:57:21 +00:00
commit 406b6398af
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
profiles/apparmor.d/usr.sbin.dnsmasq
View file

@ -111,6 +111,9 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
@{run}/containers/cni/dnsname/*/dnsmasq.conf r,
@{run}/containers/cni/dnsname/*/addnhosts r,
@{run}/containers/cni/dnsname/*/pidfile rw,
owner @{run}/user/*/containers/cni/dnsname/*/dnsmasq.conf r,
owner @{run}/user/*/containers/cni/dnsname/*/addnhosts r,
owner @{run}/user/*/containers/cni/dnsname/*/pidfile rw,
profile libvirt_leaseshelper {
include <abstractions/base>