[apparmor] [patch] update paths in nscd profile to allow /run/nscd
Christian Boltz
apparmor at cboltz.de
Sun Nov 16 14:05:31 UTC 2014
Hello,
this patch allows the usage of /run/nscd/ for runtime files in the nscd
profile.
References: https://bugzilla.novell.com/show_bug.cgi?id=904620#c14
Notes and questions:
There are some differences to abstractions/nameservice:
- the nscd profile doesn't cover /var/db/ - is this used by some
distribution?
- abstractions/nameservice allows "host" instead of "hosts". Is this
really correct/intentional or is it a bug in the abstraction?
=== modified file 'profiles/apparmor.d/usr.sbin.nscd'
--- profiles/apparmor.d/usr.sbin.nscd 2013-10-09 12:39:58 +0000
+++ profiles/apparmor.d/usr.sbin.nscd 2014-11-16 14:02:06 +0000
@@ -28,7 +28,7 @@
/{,var/}run/nscd/ rw,
/{,var/}run/nscd/db* rwl,
/{,var/}run/nscd/socket wl,
- /var/{cache,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
+ /{var/cache,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
/{,var/}run/{nscd/,}nscd.pid rwl,
/var/log/nscd.log rw,
@{PROC}/@{pid}/fd/ r,
Regards,
Christian Boltz
--
> [feste Stringlängen in C] Dafür gibt's #defines.
Und jedesmal ein neuer Build, wenn sich irgendwo eine Länge ändert.
Cool! Den Versionszähler kann man sich dann als Ventilator in die
Küche hängen ;-) [> Thorsten Haude und Jan Trippler in suse-linux]
More information about the AppArmor
mailing list