From a32c85c1c25d7f8e46b01217f0c322645c405e6c Mon Sep 17 00:00:00 2001
From: Steve Beattie <sbeattie@ubuntu.com>
Date: Wed, 9 Oct 2013 05:39:58 -0700
Subject: [PATCH] cleanup usr.sbin.nscd profile

From: Kshitij Gupta <kgupta8592@gmail.com>

This patch removes rules covered by abstractions in nscd profile:
- the network rules are in abstractions/nameservice
- @{PROC}/filesystems is in abstractions/base
- /{,var/}run/avahi-daemon/socket is in abstractions/nameservice
- /tmp/.winbindd/pipe and /var/lib/samba/winbindd_privileged/pipe are
  in abstractions/winbind via abstractions/nameservice

Acked-by: Steve Beattie <steve@nxnw.org>
---
 profiles/apparmor.d/usr.sbin.nscd | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/profiles/apparmor.d/usr.sbin.nscd b/profiles/apparmor.d/usr.sbin.nscd
index b2eeac148..c3f8a5a6c 100644
--- a/profiles/apparmor.d/usr.sbin.nscd
+++ b/profiles/apparmor.d/usr.sbin.nscd
@@ -21,16 +21,10 @@
   capability setgid,
   capability setuid,
 
-  network inet dgram,
-  network inet stream,
-
   /etc/netgroup r,
   /etc/nscd.conf r,
-  /tmp/.winbindd/pipe rw,
   /usr/sbin/nscd rmix,
-  /var/lib/samba/winbindd_privileged/pipe rw,
   /{,var/}run/.nscd_socket wl,
-  /{,var/}run/avahi-daemon/socket w,
   /{,var/}run/nscd/ rw,
   /{,var/}run/nscd/db* rwl,
   /{,var/}run/nscd/socket wl,
@@ -41,7 +35,6 @@
   @{PROC}/@{pid}/fd/* r,
   @{PROC}/@{pid}/maps r,
   @{PROC}/@{pid}/mounts r,
-  @{PROC}/filesystems r,
 
   # Site-specific additions and overrides. See local/README for details.
   #include <local/usr.sbin.nscd>