Comment 3 for bug 383177
Revision history for this message
| Stéphane Graber (stgraber) wrote Re: [Bug 383177] Re: Main inclusion request for udhcpc | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kees Cook wrote:
> I would like to see 2 things before this gets approved:
> - an AppArmor profile that matches the functionality of the exist dhcp-client profile to confine this root process (see https:/
> - verifying that MTU is not set lower than 576, as we've had to fix with both network-manager and dhcp-client (see bug 352779).
Thanks for the review.
For the apparmor profile, udhcpc will be used in the initramfs where we
don't have apparmor loaded yet, also udhcpc is calling scripts written
by the user and so we can't assume any fix location for these.
For the MTU, udhcpc is only exporting the values from the dhcp server as
environment variable leaving the job of configuring the interface to the
scripts. None of the example scripts are setting the MTU so it's not an
issue.
Stéphane
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://
iEYEARECAAYFAkp
8RsAnAlpq0yUdG+
=fHxQ
-----END PGP SIGNATURE-----