usr.sbin.nscd needs unix socket access to @userdb-*
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
This concerns apparmor-profiles 2.13.3-7ubuntu5 in Ubuntu focal.
I use the usr.sbin.nscd profile in enforce mode, and am seeing the following messages in /var/log/syslog . I don't know if the SIGABRT is related:
May 27 04:39:56 test-ubuntu64 kernel: [ 199.392521] audit: type=1400 audit(159056879
May 27 04:40:17 test-ubuntu64 systemd[1]: nscd.service: Main process exited, code=killed, status=6/ABRT
May 27 04:40:17 test-ubuntu64 systemd[1]: nscd.service: Failed with result 'signal'.
May 27 04:40:17 test-ubuntu64 systemd[1]: nscd.service: Scheduled restart job, restart counter is at 9.
The @userdb-* binding looks like a systemd thing. Should a rule for this go into /etc/apparmor.
This will be fixed in the next apparmor upload.