dnsmasq's profile does not account for the TFTP server feature
Bug #905412 reported by Simon Déziel
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
apparmor (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
dnsmasq's profile does not authorize read and write to a directory shared by TFTP. Here are the errors I get:
Dec 16 11:46:30 pxe01 kernel: [ 1994.097495] type=1503 audit(132405399
That is when using "tftp-root=
/var/tftp/ r,
/var/tftp/** rw,
This problem was found on Lucid and is still present in the latest development version, Precise.
Related branches
lp://qastaging/~sdeziel/apparmor/dnsmasq-tftp
- Jamie Strandboge: Approve
Diff: 23 lines (+6/-0), 1 file modified: profiles/apparmor.d/usr.sbin.dnsmasq (+6/-0)
I mistakenly added write access to the TFTP directory, but that is neither needed nor wanted, as shown by the man page:
--enable-tftp[=<interface>]
Enable the TFTP server function. This is deliberately limited to that needed to net-boot a client. Only reading is allowed; the
tsize and blksize extensions are supported (tsize is only supported in octet mode).
The bzr branch was updated to remove the write access.
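The following is an added example, not code from the bug report or the linked branch: a small check that a profile lets dnsmasq read everything under the tftp-root while granting no write, append or link permission there. The function names and the two profile fragments are constructed for illustration; `/var/tftp` and the `rw` rule are the ones quoted in the bug description.

```python
import re

# Matches simple AppArmor file rules such as "/var/tftp/** rw," (optional
# "owner" prefix). Other rule types (capability, network, ...) are skipped.
RULE_RE = re.compile(r'^\s*(?:owner\s+)?(/\S*)\s+([rwaxmlkiPpCcUu]+),\s*(?:#.*)?$')
WRITE_PERMS = set("wal")  # write, append and link all modify the tree


def file_rules(profile_text):
    """Yield (path_glob, perms) for each simple file rule in the profile."""
    for line in profile_text.splitlines():
        m = RULE_RE.match(line)
        if m:
            yield m.group(1), m.group(2)


def audit_tftp_rules(profile_text, tftp_root):
    """Return (readable, write_rules) for the rules under tftp_root."""
    root = tftp_root.rstrip("/") + "/"
    readable = False
    write_rules = []
    for path, perms in file_rules(profile_text):
        if not path.startswith(root):
            continue  # e.g. /var/tftpboot/ is not under /var/tftp/
        if path == root + "**" and "r" in perms:
            readable = True
        if WRITE_PERMS & set(perms):
            write_rules.append(f"{path} {perms},")
    return readable, write_rules


# Constructed fragments: the rules from the bug description, and a
# read-only variant consistent with the follow-up comment.
FIRST_PROPOSAL = """
  /var/tftp/ r,
  /var/tftp/** rw,
"""
READ_ONLY = """
  /var/tftp/ r,
  /var/tftp/** r,
"""

if __name__ == "__main__":
    for name, text in (("first proposal", FIRST_PROPOSAL), ("read-only", READ_ONLY)):
        readable, writes = audit_tftp_rules(text, "/var/tftp")
        print(f"{name}: readable={readable} write rules={writes}")
```
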