From ac1d0545f458b11728f2bcb4a7de0567538fa94a Mon Sep 17 00:00:00 2001
From: Daniel Richard G <skunk@iSKUNK.ORG>
Date: Mon, 30 Jul 2018 22:47:44 -0400
Subject: [PATCH] ldapclient abstraction: allow rw access to the nslcd socket.

This addresses https://launchpad.net/bugs/1575438 and also the case of
applications accessing the socket directly (due to NSS config).
---
 profiles/apparmor.d/abstractions/ldapclient | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/profiles/apparmor.d/abstractions/ldapclient b/profiles/apparmor.d/abstractions/ldapclient
index e3922ca6b..0c527282f 100644
--- a/profiles/apparmor.d/abstractions/ldapclient
+++ b/profiles/apparmor.d/abstractions/ldapclient
@@ -18,4 +18,7 @@
   /etc/sasl2/*              r,
   /usr/lib{,32,64}/sasl2/*  r,
 
+  # local LDAP name service daemon
+  /{,var/}run/nslcd/socket  rw,
+
   #include <abstractions/ssl_certs>