mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

profiles: dhcpd: add rule for port_range

Browse source 
The following AppArmor denial errors are shown on startup:

Oct 25 00:52:00 xxx kernel: [  556.231990] audit: type=1400 audit(1603601520.710:32): apparmor="DENIED" operation="open" profile="/usr/sbin/dhcpd" name="/proc/sys/net/ipv4/ip_local_port_range" pid=1982 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

Oct 25 00:52:00 xxx kernel: [  556.232257] audit: type=1400 audit(1603601520.710:33): apparmor="DENIED" operation="open" profile="/usr/sbin/dhcpd" name="/proc/sys/net/ipv4/ip_local_port_range" pid=1982 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

Fixes: https://bugs.launchpad.net/bugs/1901373
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/726
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve.beattie@canonical.com>
(cherry picked from commit 277677daf3)
Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen 2021-03-15 15:17:40 -07:00
parent b7e6a0a042
commit b63dfedb0b
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
profiles/apparmor/profiles/extras/usr.sbin.dhcpd
View file

@ -30,6 +30,7 @@
/etc/hosts.allow r, /etc/hosts.allow r,
/etc/hosts.deny r, /etc/hosts.deny r,
@{PROC}/net/dev r, @{PROC}/net/dev r,
@{PROC}/sys/net/ipv4/ip_local_port_range r,
/usr/sbin/dhcpd rmix, /usr/sbin/dhcpd rmix,
/var/lib/dhcp/{db/,}dhcpd.leases* rwl, /var/lib/dhcp/{db/,}dhcpd.leases* rwl,
/var/lib/dhcp/etc/dhcpd.conf r, /var/lib/dhcp/etc/dhcpd.conf r,