abstraction/nameservice should include allow access to /var/lib/sss/mc/initgroups
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
Fix Released
|
Undecided
|
Unassigned | ||
apparmor (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
From https:/
[2794367.925181] apparmor="DENIED" operation="open" profile=
The unbound AA profile includes abstractions/
$ diff -Naur abstractions/
--- abstractions/
+++ abstractions/
@@ -30,6 +30,7 @@
# and the nss plugin also needs to talk to a pipe
/var/
/var/
+ /var/lib/
/var/
/etc/resolv.conf r,
FTR this was already added upstream in commit 84cd523d8c which is part of AppArmor v2.12. So i'll be fixed whenever Ubuntu upgrades to 2.12 :)