[apparmor] [patch] allow /run/nscd/passwd in abstractions/nameservice

Seth Arnold seth.arnold at canonical.com
Wed Jul 9 03:10:13 UTC 2014 

On Tue, Jul 08, 2014 at 09:16:54PM +0200, Christian Boltz wrote:
> Hello,
> 
> abstractions/nameservice should allow /run/nscd/passwd etc. in addition 
> to /var/run/nscd/passwd.
> 
> BTW: it already allows some other files in /run/nscd/ - passwd etc. was 
> probably missed because it's a complex rule already.
> 
> BTW 2: is /var/db/nscd/passwd and /var/cache/nscd/passwd really 
> something that we'll find out there? I'm asking because the other 
> nscd-related rules only allow /{var/,}run/.
> 
> References: https://bugzilla.novell.com/show_bug.cgi?id=886225
> 
> I propose this patch for trunk and 2.8.

Acked-by: Seth Arnold <seth.arnold at canonical.com> for both trunk and 2.8.

I know I've seen /var/cache/nscd/passwd out in the wild but that might
very well be glibc from a decade ago at this point. I'm not sure about
/var/db/nscd/...

Thanks

> 
> 
> 
> === modified file 'profiles/apparmor.d/abstractions/nameservice'
> --- profiles/apparmor.d/abstractions/nameservice        2014-02-14 01:15:03 +0000
> +++ profiles/apparmor.d/abstractions/nameservice        2014-07-08 19:06:53 +0000
> @@ -42,7 +42,7 @@
>    # to vast speed increases when working with network-based lookups.
>    /{,var/}run/.nscd_socket   rw,
>    /{,var/}run/nscd/socket    rw,
> -  /var/{db,cache,run}/nscd/{passwd,group,services,host}    r,
> +  /{var/db,var/cache,var/run,run}/nscd/{passwd,group,services,host}    r,
>    # nscd renames and unlinks files in it's operation that clients will
>    # have open
>    /{,var/}run/nscd/db*  rmix,
> 
> 
> Regards,
> 
> Christian Boltz
> -- 
> > Hell Listmates,
> I don't consider this list "hell". It's unfriendly sometimes, 
> but only to those who deserve it :P
> [> Roman Bysh and Stefan Seyfried in opensuse-factory]
> 
> 
> -- 
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140708/2a8ab3fa/attachment.pgp>

More information about the AppArmor mailing list