[lxc-devel] [lxd/master] lxd/apparmor: Allow access to zoneinfo files

stgraber on Github lxc-bot at linuxcontainers.org
Thu Oct 1 16:12:36 UTC 2020


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 375 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20201001/daeaa450/attachment.bin>
-------------- next part --------------
From 4950044cd42f5425c746da494b7e59bfd32833b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Thu, 1 Oct 2020 12:10:24 -0400
Subject: [PATCH] lxd/apparmor: Allow access to zoneinfo files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reported in #7935

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/apparmor/network_dnsmasq.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lxd/apparmor/network_dnsmasq.go b/lxd/apparmor/network_dnsmasq.go
index ef2c5ef691..e77efd5029 100644
--- a/lxd/apparmor/network_dnsmasq.go
+++ b/lxd/apparmor/network_dnsmasq.go
@@ -37,6 +37,7 @@ profile "{{ .name }}" flags=(attach_disconnected,mediate_deleted) {
   # Additional system files
   @{PROC}/sys/net/ipv6/conf/*/mtu r,
   @{PROC}/@{pid}/fd/ r,
+  {{ .rootPath }}/usr/share/zoneinfo/**  r,
 
   # System configuration access
   {{ .rootPath }}/etc/gai.conf           r,


More information about the lxc-devel mailing list