On Tue, Feb 11, 2014 at 03:53:34PM -0800, Seth Arnold wrote:
> Description: Allow using sssd for group and password lookups
> Index: apparmor/profiles/apparmor.d/abstractions/nameservice
> ===================================================================
> --- apparmor.orig/profiles/apparmor.d/abstractions/nameservice
> 2013-11-29 13:31:27.462965841 -0500
> +++ apparmor/profiles/apparmor.d/abstractions/nameservice 2013-11-29
> 13:32:05.286964238 -0500
> @@ -21,6 +21,12 @@
> /etc/passwd r,
> /etc/protocols r,
>
> + # When using sssd, the passwd and group files are stored in an alternate
> path
> + # and the nss plugin also needs to talk to a pipe
> + /var/lib/sss/mc/group r,
> + /var/lib/sss/mc/passwd r,
> + /var/lib/sss/pipes/nss rw,
> +
> /etc/resolv.conf r,
> # on systems using resolvconf, /etc/resolv.conf is a symlink to
> # /{,var/}run/resolvconf/resolv.conf and a file sometimes referenced inAcked-by: Steve Beattie <[email protected]>. I note that the smbd profile references /var/lib/sss/mc/passwd (which can be removed) as well as /var/lib/sss/pubconf/kdcinfo.*, which I'm less sure of the appropriate location for. FYI, the patch's author is Stéphane Graber <[email protected]>. -- Steve Beattie <[email protected]> http://NxNW.org/~steve/
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
