slapd cannot read nscd files on Hardy

Bug #322348 reported by Christian Holtje on 2009-01-28
2
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Undecided
Unassigned
Hardy
Low
Unassigned
Karmic
Undecided
Unassigned
openldap2.3 (Ubuntu)
Low
Unassigned
Hardy
Undecided
Unassigned
Karmic
Low
Unassigned

Bug Description

Binary package hint: slapd

From my logs:

Jan 28 09:45:15 gerf kernel: [579130.725552] audit(1233153915.942:5): type=1503 operation="file_mmap" requested_mask="r::" denied_mask="r::" name="/var/cache/nscd/passwd" pid=686 profile="/usr/sbin/slapd" namespace="default"
Jan 28 09:45:15 gerf kernel: [579130.729189] audit(1233153915.946:6): type=1503 operation="file_mmap" requested_mask="r::" denied_mask="r::" name="/var/cache/nscd/group" pid=686 profile="/usr/sbin/slapd" namespace="default"

I assume I can work around this by adding to /etc/apparmor.d/usr.sbin.slapd
  # nscd
  /var/cache/nscd/** r,

Info:

Description: Ubuntu 8.04.2
Release: 8.04
slapd 2.4.9-0ubuntu0 OpenLDAP server (slapd)

Mathias Gug (mathiaz) wrote :

It may be better to fix this in one of the apparmor abstraction.

Chuck Short (zulcss) on 2009-10-08
Changed in openldap2.3 (Ubuntu):
status: New → Triaged
importance: Undecided → Low
Jamie Strandboge (jdstrand) wrote :

Jaunty and higher have:
  /var/{db,cache}/nscd/{passwd,group,services,host} r,

Changed in apparmor (Ubuntu Karmic):
status: New → Fix Released
Jamie Strandboge (jdstrand) wrote :

This is actually a dupe of bug #342198. However, I am going to mark the Hardy task as 'Triaged' in case someone wants to do an SRU.

Changed in apparmor (Ubuntu Hardy):
status: New → Triaged
summary: - audit warnings [apparmor]
+ slapd cannot read nscd files on Hardy
Changed in openldap2.3 (Ubuntu Hardy):
status: New → Invalid
Changed in openldap2.3 (Ubuntu Karmic):
status: Triaged → Invalid
Jamie Strandboge (jdstrand) wrote :

On second thought, I am going to mark the is "Won't Fix" as this does not meet the criteria for an SRU set forth in https://wiki.ubuntu.com/StableReleaseUpdates and the workaround is simple. Feel free to adjust if you find this in error and decide to pursue an SRU.

Changed in apparmor (Ubuntu Hardy):
importance: Undecided → Low
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers