Hello, Am Dienstag, 29. August 2017, 03:38:53 CEST schrieb Seth Arnold: > On Tue, Aug 22, 2017 at 11:14:59PM +0200, Christian Boltz wrote: > > > Is the sss/ms/initgroups change intentional? > > > > Yes, this is intentional - I did the profile updates (on an INVIS > > server) myself ;-) > > > > > Should that go into abstractions/nameservice instead? > > > > What about "maybe"? ;-) This was the first time I've seen access to > > sss/ms/initgroups. I don't really know what it does, so I prefered > > to > > only allow it in the smbd profile. > > > > If you think it makes sense for abstractions/nameservice, I can > > change the patch ;-) > > This would be wonderful, thanks. The 'initgroups' interface exists to > support the getgrouplist(3) function as described by nsswitch.conf(5). > So if a site is using sss then probably more than just Samba will > need this. > > Acked-by: Seth Arnold <seth.arn...@canonical.com> for the 'old' patch > minus the initgroups, and the offered new patch of the initgroups in > abstractions/nameservice. :)
Updated patch commited to all branches. @Stefan: Since this patch affects profiles and abstractions shipped in the apparmor-profiles and apparmor-abstractions package - do you want updated AppArmor packages in Tumbleweed and/or Leap? If so, please tell me when you need them, and I'll try to get a maintenance update out. Ideally we could get new minor releases from upstream AppArmor with all the patches and changes collected in the last 8 months. Regards, Christian Boltz -- <cboltz> jjohansen: you are making it too easy for kshitij8 ;-) <jjohansen> cboltz: oops sorry, now I'll have to come up with a new task to make him suffer :) <sarnold> review the c++11 conversion? :) * sarnold runs <jjohansen> haha, sarnold I said suffer, not drive him to commit suicide [from #apparmor]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor