Merge ping: allow reading /proc/sys/net/ipv6/conf/all/disable_ipv6

Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082190 I propose this patch for 3.0..master. MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1340 Approved-by: Georgia Garcia <georgia.garcia@canonical.com> Merged-by: Christian Boltz <apparmor@cboltz.de> (cherry picked from commit 4b6df10fe3) df4d7cb8 ping: allow reading /proc/sys/net/ipv6/conf/all/disable_ipv6 Co-authored-by: Christian Boltz <apparmor@cboltz.de>
2025-03-04 08:24:42 +01:00 · 2024-09-30 21:43:19 +00:00 · 2024-09-30 21:43:19 +00:00 · f3c1c8ada8
commit f3c1c8ada8
parent dde18a21fa
2 changed files with 2 additions and 0 deletions
--- a/profiles/apparmor.d/bin.ping
+++ b/profiles/apparmor.d/bin.ping
@ -24,6 +24,7 @@ profile ping /{usr/,}bin/{,iputils-}ping {

  /{,usr/}bin/{,iputils-}ping mixr,
  /etc/modules.conf r,
+  @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/bin.ping>
--- a/utils/test/logprof/ping.bin.ping
+++ b/utils/test/logprof/ping.bin.ping
@ -29,5 +29,6 @@ profile ping /{usr/,}bin/{,iputils-}ping {
  /etc/modules.conf r,
  /proc/21622/cmdline r,
  /{,usr/}bin/{,iputils-}ping mrix,
+  @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,

 }