From 8f28eebe5a0ff0c9bde0e181d306e78ab281377d Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Wed, 24 Aug 2011 00:57:42 +0200
Subject: [PATCH] Add capability setuid and setgid to nscd profile. Needed by
 unscd to switch to a non-root user. unscd is installed as /usr/sbin/nscd at
 least at openSUSE.

Original changelog entry from unscd package:
Mon Sep  7 17:30:36 CEST 2009 - pbaudis[at]suse.cz
- Provide the /etc/apparmor.d/usr.sbin.nscd file and make it allow
  for change to the nobody user [bnc#535467]

Currently the nscd package from glibc and the unscd package both contain
a usr.sbin.nscd profile which needs to maintained/updated manually.
With this patch, the profile could be moved back to the
apparmor-profiles package.


Acked-By: Steve Beattie <sbeattie@ubuntu.com>
---
 profiles/apparmor.d/usr.sbin.nscd | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/profiles/apparmor.d/usr.sbin.nscd b/profiles/apparmor.d/usr.sbin.nscd
index 18a474d37..a03ed0036 100644
--- a/profiles/apparmor.d/usr.sbin.nscd
+++ b/profiles/apparmor.d/usr.sbin.nscd
@@ -17,6 +17,8 @@
   #include <abstractions/ssl_certs>
 
   capability net_bind_service,
+  capability setgid,
+  capability setuid,
 
   network inet dgram,
   network inet stream,