On Tue, Jul 08, 2014 at 09:16:54PM +0200, Christian Boltz wrote: > Hello, > > abstractions/nameservice should allow /run/nscd/passwd etc. in addition > to /var/run/nscd/passwd. > > BTW: it already allows some other files in /run/nscd/ - passwd etc. was > probably missed because it's a complex rule already. > > BTW 2: is /var/db/nscd/passwd and /var/cache/nscd/passwd really > something that we'll find out there? I'm asking because the other > nscd-related rules only allow /{var/,}run/. > > References: https://bugzilla.novell.com/show_bug.cgi?id=886225 > > I propose this patch for trunk and 2.8.
Acked-by: Seth Arnold <seth.arn...@canonical.com> for both trunk and 2.8. I know I've seen /var/cache/nscd/passwd out in the wild but that might very well be glibc from a decade ago at this point. I'm not sure about /var/db/nscd/... Thanks > > > > === modified file 'profiles/apparmor.d/abstractions/nameservice' > --- profiles/apparmor.d/abstractions/nameservice 2014-02-14 01:15:03 > +0000 > +++ profiles/apparmor.d/abstractions/nameservice 2014-07-08 19:06:53 > +0000 > @@ -42,7 +42,7 @@ > # to vast speed increases when working with network-based lookups. > /{,var/}run/.nscd_socket rw, > /{,var/}run/nscd/socket rw, > - /var/{db,cache,run}/nscd/{passwd,group,services,host} r, > + /{var/db,var/cache,var/run,run}/nscd/{passwd,group,services,host} r, > # nscd renames and unlinks files in it's operation that clients will > # have open > /{,var/}run/nscd/db* rmix, > > > Regards, > > Christian Boltz > -- > > Hell Listmates, > I don't consider this list "hell". It's unfriendly sometimes, > but only to those who deserve it :P > [> Roman Bysh and Stefan Seyfried in opensuse-factory] > > > -- > AppArmor mailing list > AppArmor@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor >
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor