:: [devuan-dev] bug#321: marked as don…
Top Page
Delete this message
Reply to this message
Author: Devuan bug Tracking System
To: Mark Hindley
Subject: [devuan-dev] bug#321: marked as done (apparmor: Add /etc/mdns.allow to abstractions/mdns)
Your message dated Fri, 3 Feb 2023 14:52:24 +0000
with message-id <Y90fqJVkMD0CHw6T@???>
and subject line Re: bug#321: apparmor: Add /etc/mdns.allow to abstractions/mdns
has caused the Devuan bug report #321,
regarding apparmor: Add /etc/mdns.allow to abstractions/mdns
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@???

321: https://bugs.devuan.org/cgi/bugreport.cgi?bug=321
Devuan Bug Tracking System
Contact owner@??? with problems
Package: apparmor
Version: 2.13.2-10
Severity: important

Dear Maintainer,

* What led up to the situation?
Executables protected by apparmor cannot reach MDNS suffixes declared in
/etc/mdns.allow, and probed by libnss-mdns.

Please see /usr/share/doc/libnss-mdns/README.md.gz in package libnss-mdns.

   * What exactly did you do (or not do) that was effective (or
   Attempt to use, e.g., ntpd to connect to an MNDS domain that isn't .local.

* What was the outcome of this action?
Failure, and a DENIED entry in the kernel to /etc/mdns.allow

* What outcome did you expect instead?
access to the host on the non-.local MDNS domain.

Proposed fix: add /etc/mnds.allow to abstractions/mnds.
This fix works for me.

-- System Information:
Distributor ID:    Devuan
Description:    Devuan GNU/Linux beowulf/ceres
Release:    10
Codename:    n/a
Architecture: x86_64

Kernel: Linux 4.19.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages apparmor depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  libc6                  2.28-8
ii  lsb-base               10.2019031300
ii  python3                3.7.2-1

apparmor recommends no packages.

Versions of packages apparmor suggests:
pn  apparmor-profiles-extra  <none>
ii  apparmor-utils           2.13.2-10

-- Configuration Files:
/etc/apparmor.d/abstractions/mdns changed [not included]

-- debconf information excluded
Version: 3.0.0-1

Fixed in Debian. Closing.