AppArmor Profiles

Merge lp:~sdeziel/apparmor-profiles/unbound-refresh into lp:apparmor-profiles

  1. unbound-refresh
  2. Merge into master
Proposed by Simon Déziel
Status: Merged
Merged at revision: 159
Proposed branch: lp:~sdeziel/apparmor-profiles/unbound-refresh
Merge into: lp:apparmor-profiles
Diff against target: 15 lines (+0/-5)
1 file modified
ubuntu/16.04/usr.sbin.unbound (+0/-5)
To merge this branch: bzr merge lp:~sdeziel/apparmor-profiles/unbound-refresh
Reviewer Review Type Date Requested Status
Steve Beattie Approve
Review via email: mp+291752@code.launchpad.net

Description of the change

Unbound 1.5.8 landed in Ubuntu not long ago (LP: #1556308). This release no longer attempts to use the chown/dac_override caps so let's drop those denials.

To post a comment you must log in.
Revision history for this message
Steve Beattie (sbeattie) wrote :

Thanks, looks good! Merged.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'ubuntu/16.04/usr.sbin.unbound'
2--- ubuntu/16.04/usr.sbin.unbound 2016-02-01 21:06:19 +0000
3+++ ubuntu/16.04/usr.sbin.unbound 2016-04-13 13:12:37 +0000
4@@ -7,11 +7,6 @@
5 #include <abstractions/nameservice>
6 #include <abstractions/openssl>
7
8- # needlessly chown'ing the PID, for details see:
9- # https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=734
10- deny capability chown,
11- deny capability dac_override,
12-
13 capability net_bind_service,
14 capability setgid,
15 capability setuid,

Subscribers

People subscribed via source and target branches

to status/vote changes: