https://bugzilla.novell.com/show_bug.cgi?id=241479 Summary: Fix for usr.sbin.nscd profile Product: SUSE Linux 10.1 Version: Final Platform: All OS/Version: Other Status: NEW Severity: Minor Priority: P5 - None Component: AppArmor AssignedTo: dreynolds@novell.com ReportedBy: rbh@math.ku.dk QAContact: dreynolds@novell.com I guess that the following also applies to openSUSE 10.2. The bug was also in SLES 10 SP1 beta 2 and has been reported. When users are stored in an LDAP-database and /etc/ldap.conf has "tls_checkpeer yes", nscd needs access to certificates stored in the directories configured by the "tls_cacertdir" directive in /etc/ldap.conf. This is usually some subdirectory of /etc/ssl. The following patch to the apparmor-profiles package gives the nameservice cache daemon access: --- /etc/apparmor.d/usr.sbin.nscd.orig 2007-01-22 21:48:38.000000000 +0100 +++ /etc/apparmor.d/usr.sbin.nscd 2007-01-28 15:34:48.000000000 +0100 @@ -20,6 +20,7 @@ capability net_bind_service, + /etc/ssl** r, /etc/nscd.conf r, /proc/meminfo r, /proc/*/fd r, -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.