Merge nscd: add permission to allow supporting unscd

`unscd` is a drop-in replacement for `nscd` that uses the same binary location (`/usr/sbin/nscd`) and config file (`/etc/nscd.conf`). The `usr.sbin.nscd` profile only needs one additional permission to support it. ``` May 9 18:07:42 darkstar kernel: [ 2706.138823] audit: type=1400 audit(1683670062.580:839): apparmor="DENIED" operation="sendmsg" profile="nscd" name="/run/systemd/notify" pid=4343 comm="nscd" requested_mask="w" denied_mask="w" fsuid=125 ouid=0 ``` MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1031 Approved-by: Christian Boltz <apparmor@cboltz.de> Merged-by: Christian Boltz <apparmor@cboltz.de>
2025-08-30 22:05:27 +00:00 · 2023-05-10 10:54:22 +00:00
parent c46bf8944a bd0d401b3d
commit dec3815f07
1 changed files with 3 additions and 0 deletions
--- a/profiles/apparmor.d/usr.sbin.nscd
+++ b/profiles/apparmor.d/usr.sbin.nscd
@@ -45,6 +45,9 @@ profile nscd /usr/{bin,sbin}/nscd {
  /{etc,run,run/host,/usr/lib}/userdb/ r,
  /{etc,run,run/host,/usr/lib}/userdb/*.{user,user-privileged,group,group-privileged} r,

+  # needed by unscd
+  @{run}/systemd/notify w,
+
  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/usr.sbin.nscd>
 }