From 6f6bce01a160e6c9bede060ee895ee4859c8f3e8 Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Sat, 6 Sep 2014 23:09:18 +0200
Subject: [PATCH] Allow dnsmasq read access to IPv6 config

The IPv6 Neighbor Discovery protocol (RFC 2461) suggests
implementations provide MTU in Router Advertisement (RA)
messages.  From section 4.2

MTU    SHOULD be sent on links that have a variable MTU
       (as specified in the document that describes how to
       run IP over the particular link type).  MAY be sent
       on other links.

dnsmasq supports this option and should have read access
to an interface's MTU.

Patch by James Fehlig <jfehlig@suse.com>


slightly modified (../conf/**/mtu -> ../conf/*/mtu)


Acked-by: Seth Arnold <seth.arnold@canonical.com>
---
 profiles/apparmor.d/usr.sbin.dnsmasq | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
index a13ab3463..7d7b72a5e 100644
--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -40,6 +40,10 @@
 
   /var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
 
+  # access to iface mtu needed for Router Advertisement messages in IPv6
+  # Neighbor Discovery protocol (RFC 2461)
+  @{PROC}/sys/net/ipv6/conf/**/mtu r,
+
   # for the read-only TFTP server
   @{TFTP_DIR}/ r,
   @{TFTP_DIR}/** r,