[apparmor] [patch] Allow /var/lib/nscd in abstractions/nameservice and nscd profile

Seth Arnold seth.arnold at canonical.com
Fri Nov 18 19:12:20 UTC 2016 

On Wed, Nov 16, 2016 at 10:15:34PM +0100, Christian Boltz wrote:
> Hello,
> 
> Am Sonntag, 23. Oktober 2016, 15:16:54 CET schrieb Christian Boltz:
> > the latest glibc (including nscd) in openSUSE Tumbleweed comes with
> >     glibc-2.3.3-nscd-db-path.diff: Move persistent nscd databases to
> >     /var/lib/nscd
> > 
> > This needs updates (adding /var/lib/nscd/) to abstractions/nameservice
> > and the nscd profile.
> > 
> > 
> > I propose this patch for trunk, 2.10 and 2.9 (even if it's unlikely
> > that someone will backport the new nscd paths to old systems)
> 
> Any comments or reviews on this patch?
> 
> If nobody objects, I'll commit it on Friday as Acked-by <timeout>.

Assuming the funny spacing below is due to KMail,
Acked-by: Seth Arnold <seth.arnold at canonical.com>

Thanks

> 
> 
> > [ nscd-var-lib.diff ]
> > 
> > === modified file 'profiles/apparmor.d/abstractions/nameservice'
> > --- profiles/apparmor.d/abstractions/nameservice        2016-06-22
> > 22:15:49 +0000 +++ profiles/apparmor.d/abstractions/nameservice      
> >  2016-10-22 19:55:04 +0000 @@ -46,7 +46,7 @@
> >    # to vast speed increases when working with network-based lookups.
> >    /{,var/}run/.nscd_socket   rw,
> >    /{,var/}run/nscd/socket    rw,
> > -  /{var/db,var/cache,var/run,run}/nscd/{passwd,group,services,hosts}  r, 
> >   + /{var/db,var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts}    r, 
> >   # nscd renames and unlinks files in it's operation that
> > clients will # have open
> >    /{,var/}run/nscd/db*  rmix,
> > 
> > === modified file 'profiles/apparmor.d/usr.sbin.nscd'
> > --- profiles/apparmor.d/usr.sbin.nscd   2016-03-21 20:30:19 +0000
> > +++ profiles/apparmor.d/usr.sbin.nscd   2016-10-22 19:54:36 +0000
> > @@ -28,7 +28,7 @@
> >    /{,var/}run/nscd/ rw,
> >    /{,var/}run/nscd/db* rwl,
> >    /{,var/}run/nscd/socket wl,
> > - /{var/cache,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw, 
> > +  /{var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw, 
> >    /{,var/}run/{nscd/,}nscd.pid rwl,
> >    /var/log/nscd.log rw,
> >    @{PROC}/@{pid}/cmdline r,
> 
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161118/f5a1db53/attachment.pgp>

More information about the AppArmor mailing list