[Openstack] Apparmor profile for dnsmasq
Joni Lee
webcokies at yahoo.com
Mon Jan 13 12:51:58 UTC 2014
Hi all,
would you please share a valid Apparmor profile for dnsmasq (Ubuntu), if you have one, or a good reference about this topic in openStack?
I tried to use the default profile provided by Canonical, but it still complains with some DENIED on Neutron node (Grizzly 2013.1.2), for examples:
Jan 13 06:25:19 neutron1 kernel: [2301400.755895] type=1400 audit(1389594319.479:124798688): apparmor="DENIED" operation="open" parent=19108 profile="/usr/sbin/dnsmasq" name="/proc
/9463/mounts" pid=9463 comm="python" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jan 13 06:25:19 neutron1 kernel: [2301400.757665] type=1400 audit(1389594319.483:124798689): apparmor="DENIED" operation="exec" parent=9473 profile="/usr/sbin/dnsmasq" name="/sbin/
ldconfig" pid=9476 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Jan 13 06:25:19 neutron1 kernel: [2301400.758668] type=1400 audit(1389594319.483:124798693): apparmor="DENIED" operation="mknod" parent=19108 profile="/usr/sbin/dnsmasq" name="/tmp/RI6kSv" pid=9463 comm="python" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Jan 13 06:25:19 neutron1 kernel: [2301400.758737] type=1400 audit(1389594319.483:124798694): apparmor="DENIED" operation="mknod" parent=19108 profile="/usr/sbin/dnsmasq" name="/var/tmp/bXIlha" pid=9463 comm="python" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Jan 13 06:25:19 neutron1 kernel: [2301400.758809] type=1400 audit(1389594319.483:124798695): apparmor="DENIED" operation="mknod" parent=19108 profile="/usr/sbin/dnsmasq" name="/lens9X" pid=9463 comm="python" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Jan 13 06:25:19 neutron1 kernel: [2301400.758995] type=1400 audit(1389594319.483:124798696): apparmor="DENIED" operation="mknod" parent=11094 profile="/usr/sbin/dnsmasq" name="/tmp/0XF3vE" pid=9462 comm="python" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Many thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140113/b78f24ee/attachment.html>
More information about the Openstack
mailing list