Mailinglist Archive: opensuse-bugs (7818 mails)

< Previous Next >
[Bug 241479] New: Fix for usr.sbin.nscd profile
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 2 Feb 2007 06:03:30 -0700 (MST)
  • Message-id: <bug-241479-21960@xxxxxxxxxxxxxxxxxxxxxxxxx/>

Summary: Fix for usr.sbin.nscd profile
Product: SUSE Linux 10.1
Version: Final
Platform: All
OS/Version: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: AppArmor
AssignedTo: dreynolds@xxxxxxxxxx
ReportedBy: rbh@xxxxxxxxxx
QAContact: dreynolds@xxxxxxxxxx

I guess that the following also applies to openSUSE 10.2. The bug was also in
SLES 10 SP1 beta 2 and has been reported.

When users are stored in an LDAP-database and /etc/ldap.conf has
"tls_checkpeer yes", nscd needs access to certificates stored in the
directories configured by the "tls_cacertdir" directive in
/etc/ldap.conf. This is usually some subdirectory of /etc/ssl. The
following patch to the apparmor-profiles package gives the nameservice
cache daemon access:

--- /etc/apparmor.d/usr.sbin.nscd.orig 2007-01-22 21:48:38.000000000 +0100
+++ /etc/apparmor.d/usr.sbin.nscd 2007-01-28 15:34:48.000000000 +0100
@@ -20,6 +20,7 @@

capability net_bind_service,

+ /etc/ssl** r,
/etc/nscd.conf r,
/proc/meminfo r,
/proc/*/fd r,

Configure bugmail:
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

< Previous Next >