<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:10pt"><div><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 12.800000190734863px;">Hi all,</span></div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 12.800000190734863px;"><br></div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 12.800000190734863px;">would you please share a valid Apparmor profile for dnsmasq (Ubuntu), if you have one, or a good reference about this topic in openStack?<br></div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 12.800000190734863px;"><br></div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 12.800000190734863px;">I tried to use the default profile provided by Canonical, but it still complains with some DENIED on
Neutron node (Grizzly 2013.1.2), for examples:</div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 12.800000190734863px;"><br></div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 12.800000190734863px;"><div>Jan 13 06:25:19 neutron1 kernel: [2301400.755895] type=1400 audit(1389594319.479:<wbr>124798688): apparmor="DENIED" operation="open" parent=19108 profile="/usr/sbin/dnsmasq" name="/proc</div><div>/9463/mounts" pid=9463 comm="python" requested_mask="r" denied_mask="r" fsuid=0 ouid=0</div><div><br></div><div>Jan 13 06:25:19 neutron1 kernel: [2301400.757665] type=1400 audit(1389594319.483:<wbr>124798689): apparmor="DENIED" operation="exec" parent=9473 profile="/usr/sbin/dnsmasq" name="/sbin/</div><div>ldconfig" pid=9476 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0</div><div><br></div><div>Jan 13 06:25:19 neutron1 kernel: [2301400.758668] type=1400
audit(1389594319.483:<wbr>124798693): apparmor="DENIED" operation="mknod" parent=19108 profile="/usr/sbin/dnsmasq" name="/tmp/RI6kSv" pid=9463 comm="python" requested_mask="c" denied_mask="c" fsuid=0 ouid=0</div><div><br></div><div>Jan 13 06:25:19 neutron1 kernel: [2301400.758737] type=1400 audit(1389594319.483:<wbr>124798694): apparmor="DENIED" operation="mknod" parent=19108 profile="/usr/sbin/dnsmasq" name="/var/tmp/bXIlha" pid=9463 comm="python" requested_mask="c" denied_mask="c" fsuid=0 ouid=0</div><div><br></div><div>Jan 13 06:25:19 neutron1 kernel: [2301400.758809] type=1400 audit(1389594319.483:<wbr>124798695): apparmor="DENIED" operation="mknod" parent=19108 profile="/usr/sbin/dnsmasq" name="/lens9X" pid=9463 comm="python" requested_mask="c" denied_mask="c" fsuid=0 ouid=0</div><div><br></div><div>Jan 13 06:25:19 neutron1 kernel: [2301400.758995] type=1400 audit(1389594319.483:<wbr>124798696): apparmor="DENIED" operation="mknod" parent=11094
profile="/usr/sbin/dnsmasq" name="/tmp/0XF3vE" pid=9462 comm="python" requested_mask="c" denied_mask="c" fsuid=0 ouid=0</div></div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 12.800000190734863px;"><br></div><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 12.800000190734863px;">Many thanks</div></div></body></html>