[Bug 317109] Re: Apparmour doesnt support use of /etc/ssl/<servicename>

Jamie Strandboge jamie at ubuntu.com
Sat Jan 24 14:15:00 GMT 2009

I just check the apparmor profiles for Hardy, Intrepid and Jaunty, and they all have (after including the abstractions):
  #include <abstractions/ssl_certs>
  /etc/ssl/private/ r,
  /etc/ssl/private/* r,

This works out to:
  /etc/ssl/ r,
  /etc/ssl/certs/ r,
  /etc/ssl/certs/* r,
  /etc/ssl/private/ r,
  /etc/ssl/private/* r,

I think if this is going to be fixed, it should be fixed in the apparmor package, so am moving it there. The question then becomes, should /etc/apparmor.d/abstractions/ssl_certs become:
  /etc/ssl/ r,
  /etc/ssl/* r,

This would obviate the need for references to /etc/ssl/private/ (and
abstractions/ssl_keys on Jaunty). What do people think?

** Changed in: openldap2.3 (Ubuntu)
     Assignee: Jamie Strandboge (jdstrand) => (unassigned)
       Status: Confirmed => Invalid

** Changed in: apparmor (Ubuntu)
Sourcepackagename: openldap => apparmor

Apparmour doesnt support use of /etc/ssl/<servicename>
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap2.3 in ubuntu.

More information about the Ubuntu-server-bugs mailing list