Hello, in /etc/nscd.conf there is an option that allows restarting nscd after a certain time. However, this requires reading /proc/self/cmdline - otherwise nscd will disable paranoia mode.
References: https://bugzilla.opensuse.org/show_bug.cgi?id=971790

I propose this patch for trunk, 2.10 and 2.9

[ profiles-nscd-paranoia.diff ]

=== modified file 'profiles/apparmor.d/usr.sbin.nscd' --- profiles/apparmor.d/usr.sbin.nscd 2014-12-01 22:44:13 +0000 +++ profiles/apparmor.d/usr.sbin.nscd 2016-03-21 19:57:03 +0000 @@ -31,6 +31,7 @@ /{var/cache,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw, /{,var/}run/{nscd/,}nscd.pid rwl, /var/log/nscd.log rw, + @{PROC}/@{pid}/cmdline r, @{PROC}/@{pid}/fd/ r, @{PROC}/@{pid}/fd/* r, @{PROC}/@{pid}/mounts r,

Regards,
Christian Boltz
--
If it's a broken disk: dispose of it, restore the backup. If there is no backup - the whole thing is called "learning" ;-) [Arno Lehmann in suse-linux]
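Review bot: the added `@{PROC}/@{pid}/cmdline r,` line has no comment saying why nscd needs it, and because @{pid} matches any process id it permits reading the command line of every process, while the description only calls for /proc/self/cmdline. That is the same scope as the neighbouring fd/ and mounts rules, so it is consistent with the rest of the profile, but a one-line comment above the rule (for example "# needed for paranoia mode restart, see openSUSE bug 971790") would record the reason and make the wider match a visible, deliberate choice for whoever audits the profile later.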