Package: apparmor-profiles Version: 2.8.0-6 Severity: normal Tags: patch Hello,
the AppArmor profile for useradd (which is not activated by default, but located in /usr/share/doc/apparmor-profiles/extras/usr.sbin.useradd) seems to be missing a couple of lines for the files /etc/subuid , /etc/subuid- , /etc/subuid+ , /etc/subuid.* , /etc/subgid , /etc/subgid- , /etc/subgid+ , /etc/subgid.* . The attached patch might allow too much rights, so please double check to make sure. I noticed the problem because the recent systemd-sysv upgrade (208 -> 2015) aborts when the unmodified useradd profile is enforced (because it calls '/usr/sbin/useradd -d /run/systemd -g systemd-timesync -s /bin/false -u 119 systemd-timesync' which fails). Thanks for the work on AppArmor! Fabian -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (510, 'unstable'), (310, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apparmor-profiles depends on: ii apparmor 2.8.0-6 apparmor-profiles recommends no packages. apparmor-profiles suggests no packages. -- no debconf information
39a40,47 > /etc/subuid rw, > /etc/subuid- rw, > /etc/subuid+ rw, > /etc/subuid.* rwl, > /etc/subgid rw, > /etc/subgid- rw, > /etc/subgid+ rw, > /etc/subgid.* rwl,
