[Apparmor-dev] avahi-daemon
S.Çağlar Onur
caglar at pardus.org.tr
Wed Feb 13 16:53:56 MST 2008
Hi;
The following patch adds the sys_chroot capability to the avahi-daemon profile; otherwise avahi-daemon fails as follows while AppArmor is enabled:
zangetsu code # /usr/sbin/avahi-daemon --debug
Found user 'avahi' (UID 120) and group 'avahi' (GID 120).
Successfully dropped root privileges.
chroot.c: chroot() helper started
avahi-daemon 0.6.22 starting up.
Failed to chroot(): Operation not permitted
chroot.c: chroot() helper got command 0d
chroot.c: chroot() helper got command 0c
chroot.c: chroot() helper exiting with return value 0
audit.log
[...]
type=APPARMOR_DENIED msg=audit(1202946385.387:13): operation="capable" name="sys_chroot" pid=17760 profile="/usr/sbin/avahi-daemon"
[...]
Index: profiles/apparmor.d/usr.sbin.avahi-daemon
===================================================================
--- profiles/apparmor.d/usr.sbin.avahi-daemon (revision 1087)
+++ profiles/apparmor.d/usr.sbin.avahi-daemon (working copy)
@@ -10,6 +10,7 @@
capability kill,
capability setuid,
capability setgid,
+ capability sys_chroot,
/etc/avahi/ r,
/etc/avahi/avahi-daemon.conf r,
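Review bot: The added `capability sys_chroot,` line has no comment saying why the daemon needs it. The debug output in this message shows the failure coming from the chroot() helper after root privileges are dropped, so a one-line comment above the rule naming that helper would let a later auditor of the profile see why the capability is granted. The hunk shows only the capability list and the first /etc/avahi/ rules, so it is also worth confirming against the rest of the profile that no further denials appear in audit.log once chroot() succeeds.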
Cheers
--
S.Çağlar Onur <caglar at pardus.org.tr>
http://cekirdek.pardus.org.tr/~caglar/
Linux is like living in a teepee. No Windows, no Gates and an Apache in house!
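The step from the audit.log denial to the profile rule in the message above, as an added example that is not part of the original post or of the AppArmor project: it parses `APPARMOR_DENIED` records in the format quoted in the message and lists candidate `capability` lines per profile for review. The function names are hypothetical, and the second and third sample log lines are constructed for the example.

```python
import re
from collections import defaultdict

# First line is the denial quoted in the message; the other two are constructed.
SAMPLE_AUDIT_LOG = '''\
type=APPARMOR_DENIED msg=audit(1202946385.387:13): operation="capable" name="sys_chroot" pid=17760 profile="/usr/sbin/avahi-daemon"
type=APPARMOR_DENIED msg=audit(1202946385.390:14): operation="capable" name="sys_chroot" pid=17761 profile="/usr/sbin/avahi-daemon"
type=SYSCALL msg=audit(1202946385.400:15): arch=c000003e syscall=161 success=no pid=17760
'''

# key=value pairs; the value is either double-quoted or a run of non-space characters
KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')
# Only accept plain capability names so log content cannot inject profile syntax
CAP_NAME = re.compile(r'[a-z_]+')


def parse_record(line):
    """Split one audit record into a dict of its key=value fields."""
    fields = {}
    for key, raw, quoted in KV.findall(line):
        fields[key] = quoted if raw.startswith('"') else raw
    return fields


def denied_capabilities(log_text):
    """Map profile name -> set of capabilities AppArmor denied for it."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("type") != "APPARMOR_DENIED" or rec.get("operation") != "capable":
            continue
        profile, cap = rec.get("profile"), rec.get("name", "")
        if profile and CAP_NAME.fullmatch(cap):
            denied[profile].add(cap)
    return dict(denied)


def candidate_rules(log_text):
    """Map profile name -> sorted candidate 'capability X,' lines, for human review."""
    return {profile: ["capability %s," % cap for cap in sorted(caps)]
            for profile, caps in denied_capabilities(log_text).items()}


if __name__ == "__main__":
    for profile, rules in candidate_rules(SAMPLE_AUDIT_LOG).items():
        print(profile)
        for rule in rules:
            print("  " + rule)
```

The output is a list of candidates only; each capability still needs a reason before it goes into the profile.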