[Apparmor-dev] Re: [Apparmor-commit] r904 -
trunk/profiles/apparmor.d/abstractions
jesse michael
jmichael at suse.de
Fri Aug 17 18:01:22 MDT 2007
On Tue, Aug 14, 2007 at 09:50:12AM -0600, Novell Forge SVN wrote:
> The Nameservice abstraction configuration file
> (/etc/apparmor.d/abstractions/nameservice) permits reads access to
> (amongst other paths) /etc/resolv.conf.
>
> However, on systems using resolvconf, this is a symbolic link to
> /etc/resolvconf/run/resolv.conf -- where /etc/resolvconf/run itself
> is a symlink to /var/run/resolvconf.
[ snip ]
> + # on systems using resolvconf, /etc/resolv.conf is a symlink to
> + # /etc/resolvconf/run/resolv.conf
> + /etc/resolvconf/run/resolv.conf r,
The checkin comment talks about permission to /var/run/resolvconf/resolv.conf,
but the rule that was actually added to the profile was only for the symlink
at /etc/resolvconf/run/resolv.conf not the actual destination file.
More information about the Apparmor-dev
mailing list