[apparmor] [patch 3/8] Allow using sssd for group and password lookups
Steve Beattie
steve at nxnw.org
Wed Feb 12 06:28:27 UTC 2014
On Tue, Feb 11, 2014 at 03:53:34PM -0800, Seth Arnold wrote:
> Description: Allow using sssd for group and password lookups
> Index: apparmor/profiles/apparmor.d/abstractions/nameservice
> ===================================================================
> --- apparmor.orig/profiles/apparmor.d/abstractions/nameservice 2013-11-29 13:31:27.462965841 -0500
> +++ apparmor/profiles/apparmor.d/abstractions/nameservice 2013-11-29 13:32:05.286964238 -0500
> @@ -21,6 +21,12 @@
> /etc/passwd r,
> /etc/protocols r,
>
> + # When using sssd, the passwd and group files are stored in an alternate path
> + # and the nss plugin also needs to talk to a pipe
> + /var/lib/sss/mc/group r,
> + /var/lib/sss/mc/passwd r,
> + /var/lib/sss/pipes/nss rw,
> +
> /etc/resolv.conf r,
> # on systems using resolvconf, /etc/resolv.conf is a symlink to
> # /{,var/}run/resolvconf/resolv.conf and a file sometimes referenced in
Acked-by: Steve Beattie <steve at nxnw.org>. I note that the smbd
profile references /var/lib/sss/mc/passwd (which can be removed)
as well as /var/lib/sss/pubconf/kdcinfo.*, which I'm less sure of
the appropriate location for.
FYI, the patch's author is Stéphane Graber <stgraber at ubuntu.com>.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140211/338fbe2e/attachment.pgp>
More information about the AppArmor
mailing list