Andreas fixed that in 2.4.49+dfsg-2ubuntu1 [Focal] which started to have
profile in openldap and include ssl_cert which (as Christian Bolz
outlined above) do include those paths.
# grep ssl_c /etc/apparmor.d/usr.sbin.slapd
#include <abstractions/ssl_certs>
# grep enc /etc/apparmor.d/abstractions/ssl_certs
/etc/letsencrypt/archive/*/cert*.pem r,
/etc/letsencrypt/archive/*/chain*.pem r,
/etc/letsencrypt/archive/*/fullchain*.pem r,
Fixed Focal onwads, and since users can modify the local overrides if
needed I'm not sure how important an SRU of the same is (changing
isolation in SRUs is discouraged AFAIK).
** Changed in: openldap (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1805178
Title:
Apparmor should include letsencrypt directory for Slapd
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1805178/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
