[apparmor] [patch] allow /run/nscd/passwd in abstractions/nameservice

Christian Boltz apparmor at cboltz.de
Tue Jul 8 19:16:54 UTC 2014


Hello,

abstractions/nameservice should allow /run/nscd/passwd etc. in addition 
to /var/run/nscd/passwd.

BTW: it already allows some other files in /run/nscd/ - passwd etc. was 
probably missed because it's a complex rule already.

BTW 2: are /var/db/nscd/passwd and /var/cache/nscd/passwd really 
something that we'll find out there? I'm asking because the other 
nscd-related rules only allow /{var/,}run/.

References: https://bugzilla.novell.com/show_bug.cgi?id=886225

I propose this patch for trunk and 2.8.



=== modified file 'profiles/apparmor.d/abstractions/nameservice'
--- profiles/apparmor.d/abstractions/nameservice        2014-02-14 01:15:03 +0000
+++ profiles/apparmor.d/abstractions/nameservice        2014-07-08 19:06:53 +0000
@@ -42,7 +42,7 @@
   # to vast speed increases when working with network-based lookups.
   /{,var/}run/.nscd_socket   rw,
   /{,var/}run/nscd/socket    rw,
-  /var/{db,cache,run}/nscd/{passwd,group,services,host}    r,
+  /{var/db,var/cache,var/run,run}/nscd/{passwd,group,services,host}    r,
   # nscd renames and unlinks files in it's operation that clients will
   # have open
   /{,var/}run/nscd/db*  rmix,
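
Review bot: on the changed `+` line, the four-way alternation `/{var/db,var/cache,var/run,run}/nscd/...` departs from the `/{,var/}run/` form used by every neighbouring nscd rule in this hunk (`.nscd_socket`, `nscd/socket`, `nscd/db*`). Consider splitting it into `/{,var/}run/nscd/{passwd,group,services,host} r,` plus `/var/{db,cache}/nscd/{passwd,group,services,host} r,`. The effective path set is the same, the run rule then reads like the lines around it, and the db/cache locations sit on their own line with room for a comment saying why they are kept, which also makes them easy to drop later if they turn out to be unused.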


Regards,

Christian Boltz
-- 
> Hell Listmates,
I don't consider this list "hell". It's unfriendly sometimes, 
but only to those who deserve it :P
[> Roman Bysh and Stefan Seyfried in opensuse-factory]



