[apparmor] [patch] update paths in nscd profile to allow /run/nscd

[Seth Arnold]

On Sun, Nov 16, 2014 at 03:05:31PM +0100, Christian Boltz wrote:
> Hello,
> 
> this patch allows the usage of /run/nscd/ for runtime files in the nscd 
> profile.
> 
> References: https://bugzilla.novell.com/show_bug.cgi?id=904620#c14
> 
> Notes and questions: 
> There are some differences to abstractions/nameservice:
> - the nscd profile doesn't cover /var/db/ - is this used by some 
>   distribution?
> - abstractions/nameservice allows "host" instead of "hosts". Is this 
>   really correct/intentional or is it a bug in the abstraction?

Looks like a bug: http://codesearch.debian.net/search?q=nscd%2Fhost

Acked-by: Seth Arnold <seth.arnold at canonical.com>

Thanks
> 
> 
> === modified file 'profiles/apparmor.d/usr.sbin.nscd'
> --- profiles/apparmor.d/usr.sbin.nscd   2013-10-09 12:39:58 +0000
> +++ profiles/apparmor.d/usr.sbin.nscd   2014-11-16 14:02:06 +0000
> @@ -28,7 +28,7 @@
>    /{,var/}run/nscd/ rw,
>    /{,var/}run/nscd/db* rwl,
>    /{,var/}run/nscd/socket wl,
> -  /var/{cache,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
> +  /{var/cache,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
>    /{,var/}run/{nscd/,}nscd.pid rwl,
>    /var/log/nscd.log rw,
>    @{PROC}/@{pid}/fd/ r,
> 
> 
> 
> 
> Regards,
> 
> Christian Boltz
> -- 
> > [feste Stringlängen in C]  Dafür gibt's #defines.
> Und jedesmal ein neuer Build, wenn sich irgendwo eine Länge ändert.
> Cool!  Den Versionszähler kann man sich dann als Ventilator in die
> Küche hängen ;-) [> Thorsten Haude und Jan Trippler in suse-linux]
> 
> 
> -- 
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20141117/6542b6dc/attachment.pgp>