[Bug 203898] [NEW] slapcat broken when default apparmor profile is enabled
Jamie Strandboge
jamie at ubuntu.com
Wed Mar 19 13:07:55 GMT 2008
Public bug reported:
A simple 'sudo slapcat -l ./foo.ldif' results in this apparmor entry:
Mar 19 12:30:07 hardy-amd64-sec kernel: [ 0.000000]
audit(1205929807.141:3): operation="inode_create" request_mask="w::"
denied_mask="w::" name="/home/jamie/foo.ldif" pid=4384
profile="/usr/sbin/slapd" namespace="default"
The reason why is because slapcat is a symlink to slapd, and apparmor
evaluates symlinks to the name of the file they point to. One solution
might be to use hard links instead of symlinks.
As slapacl, slapadd, slapauth, slapdn, slapindex, slappasswd and
slaptest are also symlinks, these are all likely broken as well.
** Affects: openldap2.3 (Ubuntu)
Importance: Undecided
Assignee: Jamie Strandboge (jamie-strandboge)
Status: Confirmed
** Changed in: openldap2.3 (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jamie-strandboge)
Status: New => Confirmed
--
slapcat broken when default apparmor profile is enabled
https://bugs.launchpad.net/bugs/203898
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap2.3 in ubuntu.
More information about the Ubuntu-server-bugs
mailing list