[apparmor] [patch] update paths in nscd profile to allow /run/nscd
Christian Boltz
apparmor at cboltz.de
Mon Nov 17 19:36:33 UTC 2014
Hello,
Am Montag, 17. November 2014 schrieb Seth Arnold:
> On Sun, Nov 16, 2014 at 03:05:31PM +0100, Christian Boltz wrote:
> > Notes and questions:
> > There are some differences to abstractions/nameservice:
> > - abstractions/nameservice allows "host" instead of "hosts". Is this
> > really correct/intentional or is it a bug in the abstraction?
>
> Looks like a bug: http://codesearch.debian.net/search?q=nscd%2Fhost
I tracked this down to
revno: 1293
committer: Jamie Strandboge <jamie at canonical.com>
branch nick: master
timestamp: Wed 2009-11-04 14:25:42 -0600
message:
pull in Ubuntu updates to profiles/apparmor.d
with quite some changes to abstractions/nameservice - one of them was
- /var/db/nscd/{passwd,group,services,hosts} r,
+ /var/{db,cache,run}/nscd/{passwd,group,services,host} r,
I'm slightly surprised that we managed to keep this bug for 3 years
without any complaints or bugreports ;-)
Nevertheless, I propose the following patch (for trunk and 2.8).
Note that this will remove permissions for ..../nscd/host file, but it's
extremely unlikely that such a file exists.
=== modified file 'profiles/apparmor.d/abstractions/nameservice'
--- profiles/apparmor.d/abstractions/nameservice 2014-09-03 19:21:31 +0000
+++ profiles/apparmor.d/abstractions/nameservice 2014-11-17 19:28:15 +0000
@@ -47,7 +47,7 @@
# to vast speed increases when working with network-based lookups.
/{,var/}run/.nscd_socket rw,
/{,var/}run/nscd/socket rw,
- /{var/db,var/cache,var/run,run}/nscd/{passwd,group,services,host} r,
+ /{var/db,var/cache,var/run,run}/nscd/{passwd,group,services,hosts} r,
# nscd renames and unlinks files in it's operation that clients will
# have open
/{,var/}run/nscd/db* rmix,
Regards,
Christian Boltz
--
Also, ich hab mit win3.11 (damals war ich 2 jahre alt) angefangen und
hab dann alle Win-versionen erlebt, bis xp. Das war entgültig zuviel.
Danach war Schluss. Jetzt nur noch SuSE Linux.
[Soeren Wengerowsky in suse-linux]
More information about the AppArmor
mailing list