isc-dhcp-server apparmor profile should have include ".d"
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
isc-dhcp (Ubuntu) |
Fix Released
|
Medium
|
Scott Moser | ||
Precise |
Fix Released
|
Medium
|
Stéphane Graber | ||
Quantal |
Fix Released
|
Medium
|
Scott Moser | ||
maas (Ubuntu) |
Fix Released
|
Critical
|
Scott Moser | ||
Precise |
Fix Released
|
Undecided
|
Unassigned | ||
Quantal |
Fix Released
|
Critical
|
Scott Moser |
Bug Description
/etc/apparmor.
# Eucalyptus
/{,var/
/{,var/
/{,var/
/{,var/
/{,var/
and
#include <local/
[rationale]
The MAAS project is looking to use isc-dhcp-server almost exactly like eucalyptus did, and as a result would need some changes to this profile. In speaking with jdstrand [1], he suggested that "#include <isc-dhcpd.d>" was the preferred way to enable this.
[test case]
Just make sure the apparmor profile gets updated and doesn't fail to load. Proper testing will have to be done once the mass change lands.
[regression potential]
Was tested on quantal and it's already widely used apparmor syntax, so the worst I can think of is that the line just won't work and won't include the profile once it lands in maas.
--
[1] http://
ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: isc-dhcp-server 4.2.4-1ubuntu7
ProcVersionSign
Uname: Linux 3.5.0-13-generic x86_64
ApportVersion: 2.5.1-0ubuntu7
Architecture: amd64
Date: Tue Sep 11 15:01:45 2012
DhServerLeases:
Ec2AMI: ami-00000148
Ec2AMIManifest: FIXME
Ec2Availability
Ec2InstanceType: m1.small
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
KernLog:
ProcEnviron:
TERM=screen
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: isc-dhcp
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile.
Related branches
- Stéphane Graber: Pending requested
-
Diff: 48 lines (+12/-0)4 files modifieddebian/apparmor-profile.dhcpd (+3/-0)
debian/changelog (+7/-0)
debian/isc-dhcp-server.install (+1/-0)
debian/rules (+1/-0)
- Julian Edwards (community): Approve
-
Diff: 53 lines (+20/-5)4 files modifieddebian/changelog (+7/-5)
debian/maas-dhcp.apparmor (+7/-0)
debian/maas-dhcp.install (+1/-0)
debian/rules (+5/-0)
tags: | added: rls-q-incoming |
Changed in maas (Ubuntu): | |
status: | New → In Progress |
importance: | Undecided → Critical |
assignee: | nobody → Scott Moser (smoser) |
Changed in isc-dhcp (Ubuntu Precise): | |
status: | New → Triaged |
importance: | Undecided → High |
importance: | High → Medium |
tags: | removed: rls-q-incoming |
Changed in maas (Ubuntu Quantal): | |
status: | In Progress → Fix Committed |
description: | updated |
Changed in isc-dhcp (Ubuntu Precise): | |
status: | Fix Committed → Fix Released |
Changed in maas (Ubuntu Precise): | |
status: | New → Fix Released |
Copying from Eucalyptus, and given my changes in the linked branch here, maas packaging will write a file in /etc/apparmor. d/dhcp. d/maas with content like: }run/maas/ net/ r, }run/maas/ net/** r, }run/maas/ net/*.pid lrw, }run/maas/ net/*.leases* lrw, }run/maas/ net/*.trace lrw,
# Maas
/{,var/
/{,var/
/{,var/
/{,var/
/{,var/
(or whatever seems reasonable for maas).