And thereby should have:
/etc/apparmor.d/abstractions/nameservice: #include <abstractions/mdns>
Which in turn defines:
/etc/apparmor.d/abstractions/mdns: # mdnsd
/etc/apparmor.d/abstractions/mdns: /etc/nss_mdns.conf r,
/etc/apparmor.d/abstractions/mdns: /{,var/}run/mdnsd w,
There is no mdns.allow but if that is a common thing for mdns we should add the rule.
The file belongs to apparmor itself and I think that abstraction would need a fix:
apparmor: /etc/apparmor.d/abstractions/mdns
Therefore this bug IMHO is actually: "please add /etc/mdns.allow to /etc/apparmor.d/abstractions/mdns"
I'll modify it accordingly, but please speak up if you disagree.
Since this potentially hits any apparmor isolated application using nameservices I'd mark it as critical until the security Team explains why it is not. OTOH such a one line addition should be easily done in apparmor.
Hi, d/usr.sbin. chronyd has
/etc/apparmor.
#include <abstractions/ nameservice>
And thereby should have: d/abstractions/ nameservice: #include <abstractions/mdns>
/etc/apparmor.
Which in turn defines: d/abstractions/ mdns: # mdnsd d/abstractions/ mdns: /etc/nss_mdns.conf r, d/abstractions/ mdns: /{,var/}run/mdnsd w,
/etc/apparmor.
/etc/apparmor.
/etc/apparmor.
There is no mdns.allow but if that is a common thing for mdns we should add the rule. d/abstractions/ mdns
The file belongs to apparmor itself and I think that abstraction would need a fix:
apparmor: /etc/apparmor.
It seems it is a common pattern, see /github. com/lathiat/ nss-mdns# etcmdnsallow
https:/
Therefore this bug IMHO is actually: "please add /etc/mdns.allow to /etc/apparmor. d/abstractions/ mdns"
I'll modify it accordingly, but please speak up if you disagree.
Since this potentially hits any apparmor isolated application using nameservices I'd mark it as critical until the security Team explains why it is not. OTOH such a one line addition should be easily done in apparmor.