[apparmor] [patch] (u)nscd setuid/setgid to non-root user
Christian Boltz
apparmor at cboltz.de
Tue Aug 23 23:06:42 UTC 2011
Hello,
Am Mittwoch, 24. August 2011 schrieb Steve Beattie:
> On Tue, Aug 23, 2011 at 10:09:18PM +0200, Christian Boltz wrote:
> > Currently the nscd package from glibc and the unscd package both
> > contain a usr.sbin.nscd profile which needs to maintained/updated
> > manually. With this patch, the profile could be moved back to the
> > apparmor-profiles package.
>
> Acked-By: Steve Beattie <sbeattie at ubuntu.com>,
Thanks, commited.
> though it really
> seems these ought to be using the alternatives system. OTOH, if
> the permission set is roughly the same, not using the alternatives
> simplifies policy management for us a bit.
In case of nscd vs. unscd it is a simple Conflicts: in the specfile.
Both work with nearly the same profile and having two different *nscd
daemons installed at the same time is pointless. Therefore the
Conflicts: tag looks like a good solution to me.
Yes, using alternatives is probably the "technically correct"[tm]
solution, but it also makes things more difficult.
Managing the alternatives using rpm Conflicts: is "good enough"[tm]
in this case and makes handling much easier.
BTW: Does Debian or Ubuntu ship alternative *nscd daemons? If yes, how
is it handled there?
Regards,
Christian Boltz
--
> Ein richtiger Name, zumindest als Unterschrift, wäre schon nett,
> da ich ungern mit tmp rede.
Ach, hat doch auch seine Vorteile: Dann ist wenigstens alles, was
man gesagt hat, beim nächsten Reboot vergessen. :)
[> Philipp Thomas und Bernhard Walle in suse-linux]
More information about the AppArmor
mailing list