'[apparmor] [patch] Allow /var/lib/nscd in abstractions/nameservice and nscd profile'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apparmor-dev
Subject:    [apparmor] [patch] Allow /var/lib/nscd in abstractions/nameservice and nscd profile
From:       Christian Boltz <apparmor () cboltz ! de>
Date:       2016-10-23 13:16:54
Message-ID: 3292013.22XpoeluKS () tux ! boltz ! de ! vu
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


Hello,

the latest glibc (including nscd) in openSUSE Tumbleweed comes with
    glibc-2.3.3-nscd-db-path.diff: Move persistent nscd databases to
    /var/lib/nscd

This needs updates (adding /var/lib/nscd/) to abstractions/nameservice
and the nscd profile.


I propose this patch for trunk, 2.10 and 2.9 (even if it's unlikely
that someone will backport the new nscd paths to old systems)


[ nscd-var-lib.diff ]

=== modified file 'profiles/apparmor.d/abstractions/nameservice'

--- profiles/apparmor.d/abstractions/nameservice        2016-06-22 22:15:49 +0000
+++ profiles/apparmor.d/abstractions/nameservice        2016-10-22 19:55:04 +0000
@@ -46,7 +46,7 @@
   # to vast speed increases when working with network-based lookups.
   /{,var/}run/.nscd_socket   rw,
   /{,var/}run/nscd/socket    rw,
-  /{var/db,var/cache,var/run,run}/nscd/{passwd,group,services,hosts}    r,
+  /{var/db,var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts}    r,
   # nscd renames and unlinks files in it's operation that clients will
   # have open
   /{,var/}run/nscd/db*  rmix,

=== modified file 'profiles/apparmor.d/usr.sbin.nscd'
--- profiles/apparmor.d/usr.sbin.nscd   2016-03-21 20:30:19 +0000
+++ profiles/apparmor.d/usr.sbin.nscd   2016-10-22 19:54:36 +0000
@@ -28,7 +28,7 @@
   /{,var/}run/nscd/ rw,
   /{,var/}run/nscd/db* rwl,
   /{,var/}run/nscd/socket wl,
-  /{var/cache,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
+  /{var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
   /{,var/}run/{nscd/,}nscd.pid rwl,
   /var/log/nscd.log rw,
   @{PROC}/@{pid}/cmdline r,



Regards,

Christian Boltz
-- 
Linux sollte Linux bleiben und nicht versuchen, ein besseres Windows zu
sein. Das ist IMHO der groesste Fehler! Warte mal noch ein oder zwei
Jahre ab, da werden dann "blue screens" unter KDE vermutlich auch zum
Alltag werden. [Thomas Hertweck in suse-linux]

["signature.asc" (application/pgp-signature)]

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor


[prev in list] [next in list] [prev in thread] [next in thread] 
