[apparmor] [patch] [2.8 branch] backport nscd profile additions from 2.9 branch

Christian Boltz apparmor at cboltz.de
Fri Apr 15 20:51:10 UTC 2016


in the backport patch, I overlooked some real changes in the nscd 
profile. Here they are:

=== modified file 'profiles/apparmor.d/usr.sbin.nscd'                                                                                                                                                                                                                          
--- profiles/apparmor.d/usr.sbin.nscd   2013-03-05 21:12:37 +0000                                                                                                                                                                                                              
+++ profiles/apparmor.d/usr.sbin.nscd   2016-04-15 20:49:15 +0000                                                                                                                                                                                                              
@@ -34,9 +34,10 @@                                                                                                                                                                                                                                                             
   /{,var/}run/nscd/ rw,                                                                                                                                                                                                                                                       
   /{,var/}run/nscd/db* rwl,                                                                                                                                                                                                                                                   
   /{,var/}run/nscd/socket wl,                                                                                                                                                                                                                                                 
-  /var/{cache,run}/nscd/{passwd,group,services,hosts,netgroup} rw,                                                                                                                                                                                                            
+  /{var/cache,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,                                                                                                                                                                                                    
   /{,var/}run/{nscd/,}nscd.pid rwl,                                                                                                                                                                                                                                           
   /var/log/nscd.log rw,                                                                                                                                                                                                                                                       
+  @{PROC}/[0-9]*/cmdline r,                                                                                                                                                                                                                                                   
   @{PROC}/[0-9]*/fd/ r,                                                                                                                                                                                                                                                       
   @{PROC}/[0-9]*/fd/* r,                                                                                                                                                                                                                                                      
   @{PROC}/[0-9]*/maps r,                                                                                                                                                                                                                                                      


Christian Boltz
vi-Befehle sind sogar relativ einfach zu merken. Wenn man einmal weiß,
was dw db de d) d( d} d{ dd d^ d$ d0 dG sowie cw und yw machen, dann
weiß man auch, was cb ce c) c( c} c{ cc c^ c$ c0 cG sowie yb ye y) y( y}
y{ yy y^ y$ y0 yG machen.                [Bernd Brodesser in suse-linux]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160415/82c518a9/attachment.pgp>

More information about the AppArmor mailing list