[apparmor] [patch] Allow /var/lib/nscd in abstractions/nameservice and nscd profile

Christian Boltz apparmor at cboltz.de
Wed Nov 16 21:15:34 UTC 2016 

Hello,

Am Sonntag, 23. Oktober 2016, 15:16:54 CET schrieb Christian Boltz:
> the latest glibc (including nscd) in openSUSE Tumbleweed comes with
>     glibc-2.3.3-nscd-db-path.diff: Move persistent nscd databases to
>     /var/lib/nscd
> 
> This needs updates (adding /var/lib/nscd/) to abstractions/nameservice
> and the nscd profile.
> 
> 
> I propose this patch for trunk, 2.10 and 2.9 (even if it's unlikely
> that someone will backport the new nscd paths to old systems)

Any comments or reviews on this patch?

If nobody objects, I'll commit it on Friday as Acked-by <timeout>.


> [ nscd-var-lib.diff ]
> 
> === modified file 'profiles/apparmor.d/abstractions/nameservice'
> --- profiles/apparmor.d/abstractions/nameservice        2016-06-22
> 22:15:49 +0000 +++ profiles/apparmor.d/abstractions/nameservice      
>  2016-10-22 19:55:04 +0000 @@ -46,7 +46,7 @@
>    # to vast speed increases when working with network-based lookups.
>    /{,var/}run/.nscd_socket   rw,
>    /{,var/}run/nscd/socket    rw,
> -  /{var/db,var/cache,var/run,run}/nscd/{passwd,group,services,hosts}  r, 
>   + /{var/db,var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts}    r, 
>   # nscd renames and unlinks files in it's operation that
> clients will # have open
>    /{,var/}run/nscd/db*  rmix,
> 
> === modified file 'profiles/apparmor.d/usr.sbin.nscd'
> --- profiles/apparmor.d/usr.sbin.nscd   2016-03-21 20:30:19 +0000
> +++ profiles/apparmor.d/usr.sbin.nscd   2016-10-22 19:54:36 +0000
> @@ -28,7 +28,7 @@
>    /{,var/}run/nscd/ rw,
>    /{,var/}run/nscd/db* rwl,
>    /{,var/}run/nscd/socket wl,
> - /{var/cache,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw, 
> +  /{var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw, 
>    /{,var/}run/{nscd/,}nscd.pid rwl,
>    /var/log/nscd.log rw,
>    @{PROC}/@{pid}/cmdline r,



Regards,

Christian Boltz
-- 
you are spending too much time in web forums or with apache guys if you
are using "+1" and "-1" :-) [Stefan Seyfried in opensuse-factory]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161116/ccef9018/attachment-0001.pgp>

More information about the AppArmor mailing list