usr.sbin.nscd needs r/w access to nslcd socket
Bug #1575438 reported by
Daniel Richard G.
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| AppArmor |
Fix Released
|
Undecided
|
Unassigned | ||
| apparmor (Ubuntu) |
Fix Committed
|
Undecided
|
Unassigned | ||
Bug Description
I am usinc nscd with nslcd (LDAP lookup daemon) for NSS services via LDAP.
It is typical to configure nslcd to connect to the actual LDAP server, and then set up /etc/ldap.conf (which is what NSS/nscd uses for "ldap" type lookups in /etc/nsswitch.conf) with a server URI of ldapi:/
Unfortunately, the usr.sbin.nscd profile in apparmor-profiles 2.10.95-0ubuntu2 (Xenial) makes no mention of the nslcd socket, which results in NSS LDAP lookups not working when the profile is enforced in this configuration.
This is the new line that is needed:
/{,
Revision history for this message
| Daniel Richard G. (skunk) wrote | #1 |
| tags: | added: aa-policy |
Revision history for this message
| Seth Arnold (seth-arnold) wrote | #2 |
Revision history for this message
| Daniel Richard G. (skunk) wrote | #3 |
| Changed in apparmor: | |
| status: | New → Fix Committed |
| Changed in apparmor (Ubuntu): | |
| status: | New → Fix Committed |
Revision history for this message
| intrigeri (intrigeri) wrote | #4 |
| Changed in apparmor: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Minor addendum: It's conceivable that the new line should go into <abstractions/
I don't know if/why anything else would need access to the nslcd socket, but that may be a valid use case for other folks.