AppArmor profile for sbin.dhclient3 should handle connman
Bug #333711 reported by
Mark Shuttleworth
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Connection Manager |
Fix Released
|
Medium
|
|||
connman (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
dhcp3 (Ubuntu) |
Fix Released
|
Undecided
|
Jamie Strandboge |
Bug Description
Connection manager ("connman") runs /sbin/dhclient using some specific actions and stores leases in different locations to NetworkManager. The new sbin.dhclient3 AppArmor profile prevents connman from acquiring an IP address and storing the lease, I include a patch to the profile which addresses that.
I'm not sure whether AppArmor configurations can extend one another. If so, it may be better to extend the dhclient profiles (/sbin/dhclient3, /sbin/dhclient-
Related branches
Changed in connman: | |
status: | Unknown → Confirmed |
Changed in connman: | |
status: | Confirmed → Fix Released |
Changed in connman: | |
importance: | Unknown → Medium |
To post a comment you must log in.
At this time, there is not currently a way to extend a profile in this manner, as the calling program's (in this case /sbin/dhclient3) profile must know about the called program. Since the called program's (/usr/lib/ connman/ scripts/ dhclient- script) profile has basically just the path to the called program, we may as well keep the profile in the dhclient3 profile. If connman's dhclient-script profile gets significantly more complicated, we should reconsider moving it to connman itself.
Thanks for the patch Mark. This should be uploaded shortly.