On Tue, Jul 08, 2014 at 09:16:54PM +0200, Christian Boltz wrote:
> Hello,
>
> abstractions/nameservice should allow /run/nscd/passwd etc. in addition
> to /var/run/nscd/passwd.
>
> BTW: it already allows some other files in /run/nscd/ - passwd etc. was
> probably missed because it's a complex rule already.
>
> BTW 2: is /var/db/nscd/passwd and /var/cache/nscd/passwd really
> something that we'll find out there? I'm asking because the other
> nscd-related rules only allow /{var/,}run/.
>
> References: https://bugzilla.novell.com/show_bug.cgi?id=886225
>
> I propose this patch for trunk and 2.8.
Acked-by: Seth Arnold <seth.arn...@canonical.com> for both trunk and 2.8.
I know I've seen /var/cache/nscd/passwd out in the wild but that might
very well be glibc from a decade ago at this point. I'm not sure about
/var/db/nscd/...
Thanks
>
>
>
> === modified file 'profiles/apparmor.d/abstractions/nameservice'
> --- profiles/apparmor.d/abstractions/nameservice 2014-02-14 01:15:03
> +0000
> +++ profiles/apparmor.d/abstractions/nameservice 2014-07-08 19:06:53
> +0000
> @@ -42,7 +42,7 @@
> # to vast speed increases when working with network-based lookups.
> /{,var/}run/.nscd_socket rw,
> /{,var/}run/nscd/socket rw,
> - /var/{db,cache,run}/nscd/{passwd,group,services,host} r,
> + /{var/db,var/cache,var/run,run}/nscd/{passwd,group,services,host} r,
> # nscd renames and unlinks files in it's operation that clients will
> # have open
> /{,var/}run/nscd/db* rmix,
>
>
> Regards,
>
> Christian Boltz
> --
> > Hell Listmates,
> I don't consider this list "hell". It's unfriendly sometimes,
> but only to those who deserve it :P
> [> Roman Bysh and Stefan Seyfried in opensuse-factory]
>
>
> --
> AppArmor mailing list
> AppArmor@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
>
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
