[apparmor] [patch] nscd profile: allow paranoia mode

Jamie Strandboge jamie at canonical.com
Mon Mar 21 20:19:52 UTC 2016


On Mon, 2016-03-21 at 21:01 +0100, Christian Boltz wrote:
> Hello,
> 
> in /etc/nscd.conf there is an option that allows restarting nscd after a
> certain time. However, this requires reading /proc/self/cmdline -
> otherwise nscd will disable paranoia mode.
> 
> 
> References: https://bugzilla.opensuse.org/show_bug.cgi?id=971790
> 
> 
> I propose this patch for trunk, 2.10 and 2.9
> 
Acked-By: Jamie Strandboge <jamie at canonical.com>

Thanks!
> 
> [ profiles-nscd-paranoia.diff ]
> 
> === modified file 'profiles/apparmor.d/usr.sbin.nscd'
> --- profiles/apparmor.d/usr.sbin.nscd   2014-12-01 22:44:13 +0000
> +++ profiles/apparmor.d/usr.sbin.nscd   2016-03-21 19:57:03 +0000
> @@ -31,6 +31,7 @@
>    /{var/cache,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
>    /{,var/}run/{nscd/,}nscd.pid rwl,
>    /var/log/nscd.log rw,
> +  @{PROC}/@{pid}/cmdline r,
>    @{PROC}/@{pid}/fd/ r,
>    @{PROC}/@{pid}/fd/* r,
>    @{PROC}/@{pid}/mounts r,
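
Review bot: The added `@{PROC}/@{pid}/cmdline r,` line has no comment explaining why nscd needs it, and the reason (the restart option in /etc/nscd.conf, without which nscd disables paranoia mode) is only in the mail and the bug report. A one-line comment above the rule, for example `# needed for paranoia mode`, would keep a later profile cleanup from dropping it. Also, the description says nscd reads /proc/self/cmdline, while `@{pid}` matches any numeric pid, so the rule allows reading the command line of other processes as well. That is in line with the neighbouring fd/ and mounts rules, but it is worth saying in the commit message that this breadth is accepted.
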
> 
> 
> 
> Regards,
> 
> Christian Boltz
-- 
Jamie Strandboge             | http://www.canonical.com
