[apparmor] [patch] nscd profile: allow paranoia mode
Christian Boltz
apparmor at cboltz.de
Mon Mar 21 20:01:52 UTC 2016
Hello,
in /etc/nscd.conf there is an option that allows restarting nscd after a
certain time. However, this requires reading /proc/self/cmdline -
otherwise nscd will disable paranoia mode.
References: https://bugzilla.opensuse.org/show_bug.cgi?id=971790
I propose this patch for trunk, 2.10 and 2.9
[ profiles-nscd-paranoia.diff ]
=== modified file 'profiles/apparmor.d/usr.sbin.nscd'
--- profiles/apparmor.d/usr.sbin.nscd 2014-12-01 22:44:13 +0000
+++ profiles/apparmor.d/usr.sbin.nscd 2016-03-21 19:57:03 +0000
@@ -31,6 +31,7 @@
/{var/cache,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
/{,var/}run/{nscd/,}nscd.pid rwl,
/var/log/nscd.log rw,
+ @{PROC}/@{pid}/cmdline r,
@{PROC}/@{pid}/fd/ r,
@{PROC}/@{pid}/fd/* r,
@{PROC}/@{pid}/mounts r,
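Review bot: the added `@{PROC}/@{pid}/cmdline r,` line carries no comment explaining why nscd needs it, so a later profile cleanup could drop it and silently disable paranoia mode again. A short comment above the rule naming paranoia mode and the openSUSE bug (971790) would document the intent. Also note that the message describes a read of /proc/self/cmdline, while `@{pid}` is a tunable that matches any process ID, so the rule permits reading the command line of every process rather than only nscd's own. That matches the neighbouring `fd/` and `mounts` rules, but it is worth stating in the commit message that the wider grant is deliberate.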
Regards,
Christian Boltz
--
If it's a broken disk: dispose of it, restore the backup.
If there is no backup - that's called "learning" ;-)
[Arno Lehmann in suse-linux]