split off abstractions/ldapclient from abstractions/nameservice

Original openSUSE changelog entry:

Thu Jan  6 16:23:19 UTC 2011 - rhafer@suse.de

- Splitted ldap related things from nameservice into separate
  profile and added some missing paths (bnc#662761)

profiles/apparmor.d/abstractions/ldapclient

@@ -0,0 +1,21 @@
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2011 Novell/SUSE
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+  # files required by LDAP clients (e.g. nss_ldap/pam_ldap)
+  /etc/ldap.conf            r,
+  /etc/ldap.secret          r,
+  /etc/openldap/*           r,
+  /etc/openldap/cacerts/*   r,
+
+  # SASL plugins and config
+  /etc/sasl2/*              r,
+  /usr/lib{,32,64}/sasl2/*  r,
+
+  #include <abstractions/ssl_certs>

profiles/apparmor.d/abstractions/nameservice

@@ -16,8 +16,6 @@
   /etc/group              r,
   /etc/host.conf          r,
   /etc/hosts              r,
-  /etc/ldap.conf          r,
-  /etc/ldap.secret        r,
   /etc/nsswitch.conf      r,
   /etc/gai.conf           r,
   /etc/passwd             r,
@@ -32,9 +30,6 @@
 
   /etc/samba/lmhosts      r,
   /etc/services           r,
-  # all openldap config
-  /etc/openldap/*         r,
-  /etc/ldap/**            r,
   # db backend
   /var/lib/misc/*.db      r,
   # The Name Service Cache Daemon can cache lookups, sometimes leading
@@ -60,6 +55,9 @@
   # nis
   #include <abstractions/nis>
 
+  # ldap
+  #include <abstractions/ldapclient>
+
   # winbind
   #include <abstractions/winbind>