From fa35aaa1c4d6f0832deeae5064cd08f135d36974 Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Mon, 21 Mar 2016 21:30:19 +0100
Subject: [PATCH] nscd profile: allow paranoia mode

In /etc/nscd.conf there is an option allowing to restart nscd after a
certain time. However, this requires reading /proc/self/cmdline -
otherwise nscd will disable paranoia mode.


References: https://bugzilla.opensuse.org/show_bug.cgi?id=971790


Acked-By: Jamie Strandboge <jamie@canonical.com> for trunk, 2.10 and 2.9
---
 profiles/apparmor.d/usr.sbin.nscd | 1 +
 1 file changed, 1 insertion(+)

diff --git a/profiles/apparmor.d/usr.sbin.nscd b/profiles/apparmor.d/usr.sbin.nscd
index 55e812af4..4afcaf5e7 100644
--- a/profiles/apparmor.d/usr.sbin.nscd
+++ b/profiles/apparmor.d/usr.sbin.nscd
@@ -31,6 +31,7 @@
   /{var/cache,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
   /{,var/}run/{nscd/,}nscd.pid rwl,
   /var/log/nscd.log rw,
+  @{PROC}/@{pid}/cmdline r,
   @{PROC}/@{pid}/fd/ r,
   @{PROC}/@{pid}/fd/* r,
   @{PROC}/@{pid}/mounts r,