Update usr.sbin.dnsmasq profile for network api in lxd
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Intro:
Currently dnsmasq profile includes extra rights for lxd. Current usr.sbin.dnsmasq profile works with current lxd from xenial repository. But in lxd git (available in lxd-git-master ppa now) version network api was introduced, and since lxd quite active, is not too long since new lxd will be xenial repository. And that means people will lose network in all containers in production in future. This could be fixed with this extra rule in usr.sbin.dnsmasq profile:
/var/lib/
in usr.sbin.dnsmasq profile.
1) Ubuntu 16.04.1 LTS
2) apparmor-profiles (currently 2.10.95-
3) What you expected to happen:
network in lxd will start
4) apparmor usr.sbin.dnsmasq profile blocks network in new lxd version
Bug original source:
https:/