[apparmor] [patch] Allow /var/lib/nscd in abstractions/nameservice and nscd profile

Christian Boltz apparmor at cboltz.de
Sun Oct 23 13:16:54 UTC 2016 

Hello,

the latest glibc (including nscd) in openSUSE Tumbleweed comes with
    glibc-2.3.3-nscd-db-path.diff: Move persistent nscd databases to
    /var/lib/nscd

This needs updates (adding /var/lib/nscd/) to abstractions/nameservice
and the nscd profile.


I propose this patch for trunk, 2.10 and 2.9 (even if it's unlikely
that someone will backport the new nscd paths to old systems)


[ nscd-var-lib.diff ]

=== modified file 'profiles/apparmor.d/abstractions/nameservice'
--- profiles/apparmor.d/abstractions/nameservice        2016-06-22 22:15:49 +0000
+++ profiles/apparmor.d/abstractions/nameservice        2016-10-22 19:55:04 +0000
@@ -46,7 +46,7 @@
   # to vast speed increases when working with network-based lookups.
   /{,var/}run/.nscd_socket   rw,
   /{,var/}run/nscd/socket    rw,
-  /{var/db,var/cache,var/run,run}/nscd/{passwd,group,services,hosts}    r,
+  /{var/db,var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts}    r,
   # nscd renames and unlinks files in it's operation that clients will
   # have open
   /{,var/}run/nscd/db*  rmix,

=== modified file 'profiles/apparmor.d/usr.sbin.nscd'
--- profiles/apparmor.d/usr.sbin.nscd   2016-03-21 20:30:19 +0000
+++ profiles/apparmor.d/usr.sbin.nscd   2016-10-22 19:54:36 +0000
@@ -28,7 +28,7 @@
   /{,var/}run/nscd/ rw,
   /{,var/}run/nscd/db* rwl,
   /{,var/}run/nscd/socket wl,
-  /{var/cache,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
+  /{var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
   /{,var/}run/{nscd/,}nscd.pid rwl,
   /var/log/nscd.log rw,
   @{PROC}/@{pid}/cmdline r,



Regards,

Christian Boltz
-- 
Linux sollte Linux bleiben und nicht versuchen, ein besseres Windows zu
sein. Das ist IMHO der groesste Fehler! Warte mal noch ein oder zwei
Jahre ab, da werden dann "blue screens" unter KDE vermutlich auch zum
Alltag werden. [Thomas Hertweck in suse-linux]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161023/79900a6b/attachment.pgp>

More information about the AppArmor mailing list