On 2020-02-06, 15h07 Stefan Seyfried wrote:
Hi Gerald,
On 06.02.20 at 10:44 Gerald Hammer wrote:
I cured the problem by adding a line to /etc/apparmor.d/usr.sbin.nscd :
...
/etc/netgroup r,
/etc/nscd.conf r,
/usr/{bin,sbin}/nscd rmix,
# following line added, Gerald Hammer, 2020-02-06
/usr/etc/services r,
...
and then loading it in the running apparmor by
# apparmor_parser -r /etc/apparmor.d/usr.sbin.nscd
But it already contains
#include <abstractions/nameservice>
and /etc/apparmor.d/abstractions/nameservice contains
/{usr/,}etc/services r,
So it is unclear why this is necessary.
Yes, unclear indeed, maybe a mystery. But it works, at least for me. Of course I started with prayers and some voodoo. But then I read the mailing-list and manuals. And tried my modification of /etc/apparmor.d/usr.sbin.nscd. The result: nfs-server and postfix work like before. To be sure I just repeated the operation on a notebook with the Tumbleweed update. Same result.
The whole idea of abstractions/nameservice is that you do not need to put this into every service's rule.
A deep analysis of the apparmor system is far beyond my competence. I hope someone with better insight will find out what has to be done.
Best regards
--
Gerald Hammer
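The observation in the thread that the abstraction's `/{usr/,}etc/services r,` already covers `/usr/etc/services` can be checked against the rule text itself. The following is an added example, not code from the thread or from AppArmor: a simplified model of AppArmor path globbing (only `{a,b}`, `*`, `**` and `?`), with hypothetical function names, run over the rule lines quoted above.

```python
import re

def aa_glob_to_regex(glob):
    """Compile an AppArmor path glob to a regex (simplified model)."""
    out, depth = [], 0
    for tok in re.findall(r"\*\*|.", glob):
        if tok == "**":                 # ** crosses directory boundaries
            out.append(".*")
        elif tok == "*":                # * stays inside one path component
            out.append("[^/]*")
        elif tok == "?":
            out.append("[^/]")
        elif tok == "{":                # {a,b} alternation; {usr/,} has an empty branch
            out.append("(?:")
            depth += 1
        elif tok == "}" and depth:
            out.append(")")
            depth -= 1
        elif tok == "," and depth:
            out.append("|")
        else:
            out.append(re.escape(tok))
    if depth:
        raise ValueError(f"unbalanced braces in {glob!r}")
    return re.compile("".join(out) + r"\Z")

def parse_rules(text):
    """Yield (path_glob, perms) for plain file rules of the form 'path perms,'."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drops comments and #include lines
        if line.startswith("/") and line.endswith(","):
            path, perms = line[:-1].rsplit(None, 1)
            yield path, perms

def rules_granting(text, path, perm="r"):   # hypothetical helper name
    return [g for g, p in parse_rules(text)
            if perm in p and aa_glob_to_regex(g).match(path)]

# Rule lines as quoted in the thread (helper names above are hypothetical).
PROFILE = """
/etc/netgroup r,
/etc/nscd.conf r,
/usr/{bin,sbin}/nscd rmix,
# following line added, Gerald Hammer, 2020-02-06
/usr/etc/services r,
"""
ABSTRACTION = "/{usr/,}etc/services r,"
for p in ("/etc/services", "/usr/etc/services"):
    print(p, rules_granting(ABSTRACTION, p), rules_granting(PROFILE, p))
```

The matcher models rule text only: it does not follow `#include` lines and says nothing about which version of the profile is currently loaded in the kernel.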