[Bug 662761] New: nscd needs read access to /etc/openldap/cacerts
https://bugzilla.novell.com/show_bug.cgi?id=662761
https://bugzilla.novell.com/show_bug.cgi?id=662761#c0

Summary: nscd needs read access to /etc/openldap/cacerts
Classification: openSUSE
Product: openSUSE 11.4
Version: Milestone 5 of 6
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: AppArmor
AssignedTo: jeffm@novell.com
ReportedBy: rhafer@novell.com
QAContact: qa@suse.de
Found By: Development
Blocker: ---

yast2-ldap-client stores CA certificates in /etc/openldap/cacerts by default. However apparmor denies read access to it for nscd (through the nameservice abstraction).

Changing /etc/openldap/* to /etc/openldap/** in /etc/apparmor.d/abstractions/nameservice should do the trick. I'll prepare a submitrequest.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
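The difference between the two globs named in the report, as an added example that is not part of the bug report or of AppArmor's own code: a simplified Python model of AppArmor path matching (only `*`, `**` and `?` are handled) applied to the rule before and after the proposed change. The `r` permission suffix, the file names under /etc/openldap and all function names are assumptions made for illustration.

```python
import re

def glob_to_regex(pattern):
    """Translate an AppArmor-style path glob to a regex (simplified model)."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")        # ** crosses directory separators
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")     # * stays inside one path component
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")      # ? is one character, never '/'
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def parse_rules(text):
    """Return (regex, permissions) for each 'path perms,' file rule line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().rstrip(",")
        if line.startswith("/"):
            path, perms = line.rsplit(None, 1)
            rules.append((glob_to_regex(path), perms))
    return rules

def read_allowed(text, path):
    """True if any rule in the profile text grants 'r' on the given path."""
    return any(bool(rx.match(path)) and "r" in perms
               for rx, perms in parse_rules(text))

BEFORE = "/etc/openldap/* r,"    # glob from the report; 'r' is assumed
AFTER = "/etc/openldap/** r,"    # proposed replacement glob
# Constructed sample paths (file names are hypothetical).
PATHS = ["/etc/openldap/ldap.conf", "/etc/openldap/cacerts/ca.pem"]

def report():
    """Map each sample path to (allowed before, allowed after)."""
    return {p: (read_allowed(BEFORE, p), read_allowed(AFTER, p)) for p in PATHS}

if __name__ == "__main__":
    for p, (before, after) in report().items():
        print(f"{p}: before={before} after={after}")
```

Note that `**` matches at any depth below /etc/openldap, so the changed rule covers more than the cacerts directory.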
https://bugzilla.novell.com/show_bug.cgi?id=662761#c1
Jeff Mahoney
https://bugzilla.novell.com/show_bug.cgi?id=662761#c2
--- Comment #2 from Jeff Mahoney
https://bugzilla.novell.com/show_bug.cgi?id=662761#c3
Ralf Haferkamp
> Please make sure the SR is against the apparmor package in security:apparmor:factory and not the apparmor-profiles package in openSUSE:Factory. Most of the individual apparmor-* source packages are going away in favor of a single apparmor source package, which is how the upstream project ships the code now.

Ok. Thanks for the hint. Seems I was a little too fast with my SR. I revoked it again ;).

> That said, the nscd profile should be simpler than it is. OpenLDAP should have its own abstraction profile that is included from the nscd one. That is how other plugins work, like nis, kerberos, even Novell eDirectory.

Ok. I'll try to do it that way.
https://bugzilla.novell.com/show_bug.cgi?id=662761#c4
Ralf Haferkamp
https://bugzilla.novell.com/show_bug.cgi?id=662761#c5
Jeff Mahoney
https://bugzilla.novell.com/show_bug.cgi?id=662761#c6
--- Comment #6 from Ralf Haferkamp
https://bugzilla.novell.com/show_bug.cgi?id=662761#c7
--- Comment #7 from Ralf Haferkamp
https://bugzilla.novell.com/show_bug.cgi?id=662761#c8
Jeff Mahoney