On 10/18/2017 10:22 AM, Christian Boltz wrote: > Hello, > > Am Mittwoch, 18. Oktober 2017, 16:10:20 CEST schrieb Goldwyn Rodrigues: >> This is required for starting nscd. >> /etc/netconfig is required by the tirpc library which nscd uses. >> nscd[1130]: rpc: failed to open /etc/netconfig >> >> References: https://bugzilla.suse.com/show_bug.cgi?id=1062244 >> >> Signed-off-by: Goldwyn Rodrigues <rgold...@suse.com> >> --- >> diff --git a/profiles/apparmor.d/usr.sbin.nscd >> b/profiles/apparmor.d/usr.sbin.nscd index 46d3e2b3..987f542e 100644 >> --- a/profiles/apparmor.d/usr.sbin.nscd >> +++ b/profiles/apparmor.d/usr.sbin.nscd >> @@ -23,6 +23,7 @@ >> >> /etc/netgroup r, >> /etc/nscd.conf r, >> + /etc/netconfig r, >> /usr/sbin/nscd rmix, >> /{,var/}run/.nscd_socket wl, >> /{,var/}run/nscd/ rw, > > The funny thing is that I submitted a similar patch to Tumbleweed > yesterday after a discussion on the opensuse-factory mailinglist: > https://build.opensuse.org/request/show/534597
Thanks. This is a better solution. > > The mailinglist discussion indicates that > > every package linked against libtirpc or loading a shared library or > plugin linked against libtirpc needs to be able to read /etc/netconfig. > So, if somebody enables NIS on his system, every application could > end in the situation to need access to that file. > > (that's from Thorsten Kukuk, > https://lists.opensuse.org/opensuse-factory/2017-10/msg00401.html ) > > rpm -e --test libtirpc3 lists several packages, for example nfs-client, > ypbind, rpcbind, autofs and xinetd. > > Therefore I propose the following alternative patch that adds > /etc/netconfig to abstractions/nameservice instead. > > (If you think I should use another comment in the patch, tell me. I'm > not familiar with NIS etc., so there are chances that the comment isn't > perfect ;-) > > > I propose this patch for 2.9..trunk. > > > +=== modified file 'profiles/apparmor.d/abstractions/nameservice' > +--- profiles/apparmor.d/abstractions/nameservice 2017-09-15 20:47:26 > +0000 > ++++ profiles/apparmor.d/abstractions/nameservice 2017-10-17 21:29:36 > +0000 > +@@ -21,6 +21,9 @@ > + /etc/passwd r, > + /etc/protocols r, > + > ++ # libtirpc (used for NIS/YP login) needs this > ++ /etc/netconfig r, > ++ > + # When using libnss-extrausers, the passwd and group files are merged from > + # an alternate path > + /var/lib/extrausers/group r, > > > Regards, > > Christian Boltz > > > -- Goldwyn -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor