[apparmor] [PATCH] update nameservice abstraction for extrausers
Seth Arnold
seth.arnold at canonical.com
Thu Aug 21 05:31:12 UTC 2014
On Wed, Aug 20, 2014 at 10:11:52PM -0500, Jamie Strandboge wrote:
> Allow /var/lib/extrausers/group and /var/lib/extrausers/passwd 'read' in order
> to work with libnss-extrausers
>
> Acked-By: Jamie Strandboge <jamie at canonical.com>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Yeah, this is currently Ubuntu-specific, but the paths won't exist
elsewhere and removing distro-specific-deltas seems like a good idea.
Thanks
> Author: Jamie Strandboge <jamie at canonical.com>
> Description: allow /var/lib/extrausers/group and /var/lib/extrausers/passwd
> read to work with libnss-extrausers
>
> Index: apparmor-2.8.96~2541/profiles/apparmor.d/abstractions/nameservice
> ===================================================================
> --- apparmor-2.8.96~2541.orig/profiles/apparmor.d/abstractions/nameservice 2014-06-19 19:03:45.000000000 -0500
> +++ apparmor-2.8.96~2541/profiles/apparmor.d/abstractions/nameservice 2014-07-28 08:16:26.420419006 -0500
> @@ -21,6 +21,11 @@
> /etc/passwd r,
> /etc/protocols r,
>
> + # When using libnss-extrausers, the passwd and group files are merged from
> + # an alternate path
> + /var/lib/extrausers/group r,
> + /var/lib/extrausers/passwd r,
> +
> # When using sssd, the passwd and group files are stored in an alternate path
> # and the nss plugin also needs to talk to a pipe
> /var/lib/sss/mc/group r,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140820/c576648a/attachment.pgp>
More information about the AppArmor
mailing list