[apparmor] [patch] split abstractions/nameservice - adds abstractions/ldapclient

Christian Boltz apparmor at cboltz.de
Mon Oct 31 19:20:44 UTC 2011


Hello,

Another patch from the openSUSE AppArmor package. It's quite old and it 
looks like I overlooked it when pushing all the openSUSE patches 
upstream. Well, better late than never ;-)

I'll let the changelog entry speak for the patch:

Thu Jan  6 16:23:19 UTC 2011 - rhafer at suse.de

- Split ldap related things from nameservice into separate
  profile and added some missing paths (bnc#662761)


Regards,

Christian Boltz
-- 
I wish I knew enough C++ to produce a patch, but unfortunately I'm
better at being annoying on the mailing list than I am at coding :-)
["C" in opensuse-factory]
-------------- next part --------------
Thu Jan  6 16:23:19 UTC 2011 - rhafer at suse.de

- Split ldap related things from nameservice into separate
  profile and added some missing paths (bnc#662761)


---
 profiles/apparmor.d/abstractions/ldapclient  |   21 +++++++++++++++++++++
 profiles/apparmor.d/abstractions/nameservice |    8 +++-----
 2 files changed, 24 insertions(+), 5 deletions(-)

--- /dev/null
+++ b/profiles/apparmor.d/abstractions/ldapclient
@@ -0,0 +1,21 @@
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2011 Novell/SUSE
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+  # files required by LDAP clients (e.g. nss_ldap/pam_ldap)
+  /etc/ldap.conf            r,
+  /etc/ldap.secret          r,
+  /etc/openldap/*           r,
+  /etc/openldap/cacerts/*   r,
+
+  # SASL plugins and config
+  /etc/sasl2/*              r,
+  /usr/lib{,32,64}/sasl2/*  r,
+
+  #include <abstractions/ssl_certs>
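Review bot: The SASL plugin rule `/usr/lib{,32,64}/sasl2/*  r,` grants read only, but the files in that directory are shared objects that get loaded into the confined process, and AppArmor requires the `m` permission for an executable mapping, so `mr` looks like the intended mode. Separately, `/etc/ldap.secret` is a credential file, so a short comment above that rule saying why LDAP client profiles need to read it would help anyone auditing profiles that include this abstraction.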
--- a/profiles/apparmor.d/abstractions/nameservice
+++ b/profiles/apparmor.d/abstractions/nameservice
@@ -16,8 +16,6 @@
   /etc/group              r,
   /etc/host.conf          r,
   /etc/hosts              r,
-  /etc/ldap.conf          r,
-  /etc/ldap.secret        r,
   /etc/nsswitch.conf      r,
   /etc/gai.conf           r,
   /etc/passwd             r,
@@ -32,9 +30,6 @@
 
   /etc/samba/lmhosts      r,
   /etc/services           r,
-  # all openldap config
-  /etc/openldap/*         r,
-  /etc/ldap/**            r,
   # db backend
   /var/lib/misc/*.db      r,
   # The Name Service Cache Daemon can cache lookups, sometimes leading
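Review bot: `/etc/ldap/** r,` is removed in this hunk, but the new abstractions/ldapclient only carries `/etc/openldap/*` and `/etc/openldap/cacerts/*`, so the rule is dropped rather than moved. Systems that keep their LDAP client configuration under /etc/ldap/ would lose read access in every profile that includes nameservice. Adding `/etc/ldap/** r,` to ldapclient would keep the split behaviour-neutral.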
@@ -60,6 +55,9 @@
   # nis
   #include <abstractions/nis>
 
+  # ldap
+  #include <abstractions/ldapclient>
+
   # winbind
   #include <abstractions/winbind>
 
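Review bot: Because nameservice now includes abstractions/ldapclient unconditionally, every profile that pulls in nameservice keeps read access to /etc/ldap.secret and also picks up the SASL paths, /etc/openldap/cacerts/* and abstractions/ssl_certs from the new file, as far as nameservice did not already grant them. The changelog only says "added some missing paths"; listing the newly granted paths there would tell profile authors that nameservice became broader and was not just reorganised.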

