[apparmor] [patch] (u)nscd setuid/setgid to non-root user
Steve Beattie
steve at nxnw.org
Tue Aug 23 22:01:25 UTC 2011
On Tue, Aug 23, 2011 at 10:09:18PM +0200, Christian Boltz wrote:
> Hello,
>
> another profile patch ;-)
>
>
> Add capability setuid and setgid to nscd profile. Needed by unscd
> to switch to a non-root user. unscd is installed as /usr/sbin/nscd
> at least at openSUSE.
>
> Original changelog entry from unscd package:
> Mon Sep 7 17:30:36 CEST 2009 - pbaudis[at]suse.cz
> - Provide the /etc/apparmor.d/usr.sbin.nscd file and make it allow
> for change to the nobody user [bnc#535467]
>
> Currently the nscd package from glibc and the unscd package both contain
> a usr.sbin.nscd profile which needs to maintained/updated manually.
> With this patch, the profile could be moved back to the
> apparmor-profiles package.
Acked-By: Steve Beattie <sbeattie at ubuntu.com>, though it really
seems these ought to be using the alternatives system. OTOH, if
the permission set is roughly the same, not using the alternatives
simplifies policy management for us a bit.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20110823/fb6d0d7c/attachment.pgp>
More information about the AppArmor
mailing list