mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 05:47:59 +00:00
Code Issues Releases Wiki Activity

cleanup usr.sbin.nscd profile

Browse Source 
From: Kshitij Gupta <kgupta8592@gmail.com>

This patch removes rules covered by abstractions in nscd profile:
- the network rules are in abstractions/nameservice
- @{PROC}/filesystems is in abstractions/base
- /{,var/}run/avahi-daemon/socket is in abstractions/nameservice
- /tmp/.winbindd/pipe and /var/lib/samba/winbindd_privileged/pipe are
  in abstractions/winbind via abstractions/nameservice

Acked-by: Steve Beattie <steve@nxnw.org>
This commit is contained in:
Steve Beattie 2013-10-09 05:39:58 -07:00
parent 3093465dc7
commit a32c85c1c2
1 changed files with 0 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
profiles/apparmor.d/usr.sbin.nscd
View File

@ -21,16 +21,10 @@
capability setgid, capability setgid,
capability setuid, capability setuid,
network inet dgram,
network inet stream,
/etc/netgroup r, /etc/netgroup r,
/etc/nscd.conf r, /etc/nscd.conf r,
/tmp/.winbindd/pipe rw,
/usr/sbin/nscd rmix, /usr/sbin/nscd rmix,
/var/lib/samba/winbindd_privileged/pipe rw,
/{,var/}run/.nscd_socket wl, /{,var/}run/.nscd_socket wl,
/{,var/}run/avahi-daemon/socket w,
/{,var/}run/nscd/ rw, /{,var/}run/nscd/ rw,
/{,var/}run/nscd/db* rwl, /{,var/}run/nscd/db* rwl,
/{,var/}run/nscd/socket wl, /{,var/}run/nscd/socket wl,
@ -41,7 +35,6 @@
@{PROC}/@{pid}/fd/* r, @{PROC}/@{pid}/fd/* r,
@{PROC}/@{pid}/maps r, @{PROC}/@{pid}/maps r,
@{PROC}/@{pid}/mounts r, @{PROC}/@{pid}/mounts r,
@{PROC}/filesystems r,
# Site-specific additions and overrides. See local/README for details. # Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.nscd> #include <local/usr.sbin.nscd>