On Mon, 27 Nov 2017, Simon Deziel wrote:

> On 2017-11-26 03:31 AM, Peter Palfrader wrote:
> > The apparmor policy for unbound allows access to
> > /var/lib/unbound/root.key*, but it does not allow access to any
> > other dynamically updated key the admin might have put there,
> > such as debian.org.key on DSA infrastructure.
> >
> > Please allow access to all key files.
>
> Please see the attached patch.
> # chrooted paths > /var/lib/unbound/** r, > + owner /var/lib/unbound/*.key* rw, > owner /var/lib/unbound/**/*.key* rw, This would allow /var/lib/unbound/root.key "twice", once via root.key, once via *.key. Cheers, -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `- https://www.debian.org/
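Review bot: The added rule `owner /var/lib/unbound/*.key* rw,` overlaps the existing root.key* permission described in the report, so the profile would end up with two rules granting the same access to /var/lib/unbound/root.key. Consider removing the older root.key* line in this same patch so there is a single rule for top-level key files, which keeps the profile easier to audit. The trailing `*` also gives the owner write access to any top-level name containing `.key`, not just files ending in `.key`. If that is there to cover temporary files written during key updates (an assumption, the hunk does not say), a short comment above the rule stating so would help the next reader judge whether the glob is wider than needed.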