mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-29 13:28:19 +00:00
Code Issues Releases Wiki Activity

Add capability setuid and setgid to nscd profile. Needed by unscd

Browse Source 
to switch to a non-root user. unscd is installed as /usr/sbin/nscd
at least at openSUSE.

Original changelog entry from unscd package:
Mon Sep  7 17:30:36 CEST 2009 - pbaudis[at]suse.cz
- Provide the /etc/apparmor.d/usr.sbin.nscd file and make it allow
  for change to the nobody user [bnc#535467]

Currently the nscd package from glibc and the unscd package both contain
a usr.sbin.nscd profile which needs to maintained/updated manually.
With this patch, the profile could be moved back to the
apparmor-profiles package.


Acked-By: Steve Beattie <sbeattie@ubuntu.com>
This commit is contained in:
Christian Boltz 2011-08-24 00:57:42 +02:00
parent d17a87bd28
commit 8f28eebe5a
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
profiles/apparmor.d/usr.sbin.nscd
View File

@ -17,6 +17,8 @@
#include <abstractions/ssl_certs> #include <abstractions/ssl_certs>
capability net_bind_service, capability net_bind_service,
capability setgid,
capability setuid,
network inet dgram, network inet dgram,
network inet stream, network inet stream,