mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-29 05:17:59 +00:00
Code Issues Releases Wiki Activity

abstractions/nameservice: allow kanidm-unixd

Browse Source 
If kanidm is configured in nsswitch.conf(5), access to the kanidm-unixd
configuration is needed for applications to resolve entries.

For example:

```
type=AVC apparmor="DENIED" operation="open" class="file" profile="php-fpm"
name="/etc/kanidm/unixd" comm="php-fpm" requested_mask="r" denied_mask="r"
```

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
This commit is contained in:
Georg Pfuetzenreuter 2025-04-18 17:15:02 +02:00
parent cda9153772
commit 675a99ac7b
No known key found for this signature in database
GPG Key ID: 1ED2F138E7E6FF57
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
profiles/apparmor.d/abstractions/nameservice
View File

@ -58,6 +58,9 @@
@{PROC}/@{pid}/net/psched r,
@{etc_ro}/libnl-*/classid r,
# user/group resolution through kanidm
/etc/kanidm/unixd r,
# nis
include <abstractions/nis>