slapo-nssov not able to write socket file

Bug #508190 reported by ben thielsen on 2010-01-16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openldap (Ubuntu)

Bug Description

the nss overlay attempts to write its socket file to /var/run/nslcd/socket, but is prevented from doing so by apparmor:

type=1503 audit(1263524239.632:23): operation="mknod" pid=17179 parent=1 profile="/usr/sbin/slapd" requested_mask="w::" denied_mask="w::" fsuid=107 ouid=107 name="/var/run/nslcd/socket"

adjusting /etc/apparmor/usr.sbin.slapd to accommodate this resolves the issue:

  # pid files and sockets
  /var/run/slapd/* w,
  /var/run/nslcd/* w,

additionally, i don't believe that the slapd package created the /var/run/nslcd/ directory:

drwxr-xr-x 2 openldap openldap 80 2010-01-15 18:28 /var/run/nslcd/
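
An added example (not part of the original report or of the openldap package): a short Python script that reads AppArmor denial lines in the format quoted above and derives the file rule each denial would need, either for the exact path or for the directory glob used in the report. The function names and the second log line are constructed for illustration, and keeping only the letters of denied_mask as the permission set is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: the denial quoted in the report plus an unrelated syslog line.
SAMPLE_LOG = '''\
type=1503 audit(1263524239.632:23): operation="mknod" pid=17179 parent=1 profile="/usr/sbin/slapd" requested_mask="w::" denied_mask="w::" fsuid=107 ouid=107 name="/var/run/nslcd/socket"
Jan 15 18:28:01 host slapd[17179]: slapd starting
'''

# key=value pairs; values are either double-quoted or a bare token.
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
REQUIRED = ("profile", "denied_mask", "name")


def parse_denial(line):
    """Return the fields of an AppArmor file denial, or None for other lines."""
    fields = {key: value.strip('"') for key, value in FIELD.findall(line)}
    if not all(key in fields for key in REQUIRED):
        return None
    return fields


def suggest_rules(log_text, exact=True):
    """Map each profile to the rule lines that would cover its denials.

    exact=True  -> one rule per denied path (narrowest grant)
    exact=False -> one rule per parent directory using '/*'
    """
    perms = defaultdict(set)
    for line in log_text.splitlines():
        denial = parse_denial(line)
        if denial is None:
            continue
        # Assumption: only the letters in the mask matter; ':' separators are dropped.
        letters = {c for c in denial["denied_mask"] if c.isalpha()}
        path = denial["name"]
        if not exact:
            path = path.rsplit("/", 1)[0] + "/*"
        perms[(denial["profile"], path)].update(letters)

    rules = defaultdict(list)
    for (profile, path), letters in sorted(perms.items()):
        rules[profile].append(f"{path} {''.join(sorted(letters))},")
    return dict(rules)


if __name__ == "__main__":
    for profile, lines in suggest_rules(SAMPLE_LOG).items():
        print(f"profile {profile}:")
        for rule in lines:
            print(f"  {rule}")
```

With exact=True the script proposes a rule for the socket path only; exact=False reproduces the broader /var/run/nslcd/* rule from the report, which also grants write access to any other file created in that directory.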

ben thielsen (btb-bitrate) wrote :

i neglected to include the following information:

source package: 2.4.18-0ubuntu1

>lsb_release -rd
Description: Ubuntu 9.10
Release: 9.10

>apt-cache policy slapd
  Installed: 2.4.18-0ubuntu1
  Candidate: 2.4.18-0ubuntu1
  Version table:
 *** 2.4.18-0ubuntu1 0
        500 karmic/main Packages
        100 /var/lib/dpkg/status

Chuck Short (zulcss) on 2010-01-18
tags: added: apparmor
Chuck Short (zulcss) on 2010-02-02
Changed in openldap (Ubuntu):
importance: Undecided → Medium
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openldap - 2.4.21-0ubuntu2

openldap (2.4.21-0ubuntu2) lucid; urgency=low

  * debian/apparmor-profile: Update apparmor profile. (LP: #508190)
 -- Chuck Short <email address hidden> Tue, 09 Mar 2010 13:33:35 -0500

Changed in openldap (Ubuntu):
status: Confirmed → Fix Released