Bug ID 1210217
Summary aa-logprof doesn't see a DENIED in dnsmasq service.
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.4
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component AppArmor
Assignee suse-beta@cboltz.de
Reporter carlos.e.r@opensuse.org
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

I configured this line in /etc/dnsmasq.conf:

resolv-file=/run/NetworkManager/no-stub-resolv.conf

and restarted the service, which complained:

Apr 06 12:40:22 Laicolasse.valinor dnsmasq[20083]: failed to read
/run/NetworkManager/no-stub-resolv.conf: Permission denied

However, aa-logprof said nothing:

Laicolasse:~ # aa-logprof 
Updating AppArmor profiles in /etc/apparmor.d.
Reading log entries from /var/log/audit/audit.log.
Enforce-mode changes:
Laicolasse:~ #

Yet, the event was there:

type=AVC msg=audit(1680777622.544:321): apparmor="DENIED" operation="open"
class="file" profile="dnsmasq" name="/run/NetworkManager/no-stub-resolv.conf"
pid=20083 c
omm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=480 ouid=0


I got the service working after adding line to
/etc/apparmor.d/local/usr.sbin.dnsmasq:

/run/NetworkManager/no-stub-resolv.conf r,

and "systemctl restart apparmor.service".


Machine is freshly installed laptop with 15.4

You are receiving this mail because: