[apparmor] [patch] [2.8 branch] backport nscd profile additions from 2.9 branch

Christian Boltz apparmor at cboltz.de
Fri Apr 15 20:51:10 UTC 2016


in the backport patch, I overlooked some real changes in the nscd 
profile. Here they are:

=== modified file 'profiles/apparmor.d/usr.sbin.nscd'                                                                                                                                                                                                                          
--- profiles/apparmor.d/usr.sbin.nscd   2013-03-05 21:12:37 +0000                                                                                                                                                                                                              
+++ profiles/apparmor.d/usr.sbin.nscd   2016-04-15 20:49:15 +0000                                                                                                                                                                                                              
@@ -34,9 +34,10 @@                                                                                                                                                                                                                                                             
   /{,var/}run/nscd/ rw,                                                                                                                                                                                                                                                       
   /{,var/}run/nscd/db* rwl,                                                                                                                                                                                                                                                   
   /{,var/}run/nscd/socket wl,                                                                                                                                                                                                                                                 
-  /var/{cache,run}/nscd/{passwd,group,services,hosts,netgroup} rw,                                                                                                                                                                                                            
+  /{var/cache,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,                                                                                                                                                                                                    
   /{,var/}run/{nscd/,}nscd.pid rwl,                                                                                                                                                                                                                                           
   /var/log/nscd.log rw,                                                                                                                                                                                                                                                       
+  @{PROC}/[0-9]*/cmdline r,                                                                                                                                                                                                                                                   
   @{PROC}/[0-9]*/fd/ r,                                                                                                                                                                                                                                                       
   @{PROC}/[0-9]*/fd/* r,                                                                                                                                                                                                                                                      
   @{PROC}/[0-9]*/maps r,                                                                                                                                                                                                                                                      


Christian Boltz
