apparmor profile needs additions for nsswitch.conf

Bug #207912 reported by LaMont Jones
4
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Fix Released
Medium
Kees Cook
cupsys (Ubuntu)
Invalid
Medium
Martin Pitt

Bug Description

Binary package hint: cupsys

On machines with 'db' in nsswitch.conf's group entry, cupsd requires access to /var/lib/misc/group.db (read should be sufficient, although I've seen it ask for rw: denied)

Also, if 'ldap' is specified, then /etc/ldap/ldap.conf read access is required.

Ditto for pretty much anything else that does a getent(group)

lamont

Related branches

Revision history for this message
Till Kamppeter (till-kamppeter) wrote :

Pitti, can you check this and if it is OK, add appropriate rules to the AppArmor profile?

Changed in cupsys:
assignee: nobody → pitti
importance: Undecided → Medium
milestone: none → ubuntu-8.04
Revision history for this message
Steve Langasek (vorlon) wrote :

This bug belongs to apparmor: it should be implemented via /etc/apparmor.d/abstractions/nameservice which is already included by the cups profile, there's no reason to make this per-service.

Changed in cupsys:
status: New → Invalid
Revision history for this message
Kees Cook (kees) wrote :

Uploading fixes shortly...

Changed in apparmor:
assignee: nobody → keescook
importance: Undecided → Medium
status: New → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.1+1075-0ubuntu7

---------------
apparmor (2.1+1075-0ubuntu7) hardy; urgency=low

  * profiles/apparmor.d/abstractions/nameservice: (LP: #207912)
    - fix ldap path
    - add nsswitch "db" backend paths

 -- Kees Cook <email address hidden> Thu, 27 Mar 2008 14:19:06 -0700

Changed in apparmor:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.