Update usr.sbin.dnsmasq profile for network api in lxd

Bug #1631409 reported by hda_launchpad on 2016-10-07
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)

Bug Description

Currently dnsmasq profile includes extra rights for lxd. Current usr.sbin.dnsmasq profile works with current lxd from xenial repository. But in lxd git (available in lxd-git-master ppa now) version network api was introduced, and since lxd quite active, is not too long since new lxd will be xenial repository. And that means people will lose network in all containers in production in future. This could be fixed with this extra rule in usr.sbin.dnsmasq profile:
/var/lib/lxd/networks/** rw,
in usr.sbin.dnsmasq profile.

1) Ubuntu 16.04.1 LTS

2) apparmor-profiles (currently 2.10.95-0ubuntu2.4). I couldn't select apparmor-profiles, only apparmor or apparmor-profiles-extra. Don't know why, mb launchpad bug.

3) What you expected to happen:
network in lxd will start

4) apparmor usr.sbin.dnsmasq profile blocks network in new lxd version

Bug original source:

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers