Devuan bug report logs - #321
apparmor: Add /etc/mdns.allow to abstractions/mdns

Package: apparmor; Maintainer for apparmor is (unknown);

Reported by: Luigi Bai <lpb+deb@kandl.houston.tx.us>

Date: Sat, 27 Apr 2019 15:18:01 UTC

Severity: normal

Full log


🔗 View this message in rfc822 format

X-Loop: owner@bugs.devuan.org
Subject: bug#321: apparmor: Add /etc/mdns.allow to abstractions/mdns
Reply-To: Luigi Bai <lpb+deb@kandl.houston.tx.us>, 321@bugs.devuan.org
Resent-From: Luigi Bai <lpb+deb@kandl.houston.tx.us>
Resent-To: devuan-bugs@lists.dyne.org
Resent-CC: owner@bugs.devuan.org
Resent-Date: Sat, 27 Apr 2019 15:18:01 UTC
Resent-Message-ID: <handler.321.B.15563778025585@bugs.devuan.org>
Resent-Sender: owner@bugs.devuan.org
X-Devuan-PR-Message: report 321
X-Devuan-PR-Package: apparmor
X-Devuan-PR-Keywords: 
Received: via spool by submit@bugs.devuan.org id=B.15563778025585
          (code B ref -1); Sat, 27 Apr 2019 15:18:01 UTC
Received: (at submit) by bugs.devuan.org; 27 Apr 2019 15:10:02 +0000
Delivered-To: devuanbugs@dyne.org
Received: from tupac3.dyne.org [195.169.149.119]
	by fulcanelli with IMAP (fetchmail-6.3.26)
	for <debbugs@localhost> (single-drop); Sat, 27 Apr 2019 17:10:02 +0200 (CEST)
Received: from gil.mayfirst.org (gil.mayfirst.org [216.66.23.48])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by vm6.ganeti.dyne.org (Postfix) with ESMTPS id 31D3CF60972
	for <submit@bugs.devuan.org>; Sat, 27 Apr 2019 17:04:44 +0200 (CEST)
Received: from gil.mayfirst.org (unknown [127.0.0.1])
	by gil.mayfirst.org (Postfix) with ESMTP id 305DC5E96;
	Sat, 27 Apr 2019 11:04:42 -0400 (EDT)
Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: xxxxx) with ESMTPSA id 016A15E82
Received: by debian.local (Postfix, from userid 1000)
	id AE1488040; Sat, 27 Apr 2019 10:04:39 -0500 (CDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Luigi Bai <lpb+deb@kandl.houston.tx.us>
To: Devuan Bug Tracking System <submit@bugs.devuan.org>
Message-ID: <155637747898.16775.9163846764972860518.reportbug@lpblinvm.vm.kandl.houston.tx.us>
X-Mailer: reportbug 7.5.1+devuan1
Date: Sat, 27 Apr 2019 10:04:39 -0500
X-Virus-Scanned: ClamAV using ClamSMTP
X-Spam-Status: No, score=-2.3 required=5.0 tests=RCVD_IN_DNSWL_MED,SPF_PASS,
	UNPARSEABLE_RELAY autolearn=disabled version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org
Package: apparmor
Version: 2.13.2-10
Severity: important

Dear Maintainer,

   * What led up to the situation?
   Executables protected by apparmor cannot reach MDNS suffixes declared in
   /etc/mdns.allow, and probed by libnss-mdns.

   Please see /usr/share/doc/libnss-mdns/README.md.gz in package libnss-mdns.

   * What exactly did you do (or not do) that was effective (or
     ineffective)?
   Attempt to use, e.g., ntpd to connect to an MNDS domain that isn't .local.

   * What was the outcome of this action?
   Failure, and a DENIED entry in the kernel to /etc/mdns.allow

   * What outcome did you expect instead?
   access to the host on the non-.local MDNS domain.

   Proposed fix: add /etc/mnds.allow to abstractions/mnds.
   This fix works for me.


-- System Information:
Distributor ID:	Devuan
Description:	Devuan GNU/Linux beowulf/ceres
Release:	10
Codename:	n/a
Architecture: x86_64

Kernel: Linux 4.19.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages apparmor depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  libc6                  2.28-8
ii  lsb-base               10.2019031300
ii  python3                3.7.2-1

apparmor recommends no packages.

Versions of packages apparmor suggests:
pn  apparmor-profiles-extra  <none>
ii  apparmor-utils           2.13.2-10

-- Configuration Files:
/etc/apparmor.d/abstractions/mdns changed [not included]

-- debconf information excluded


Send a report that this bug log contains spam.


Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Thu Apr 22 01:38:05 2021;