Steve Langasek <[EMAIL PROTECTED]> writes:

> The attached patch has been applied to the Ubuntu openldap2.3 source
> package, for compatibility with apparmor. Without this patch, applying an
> apparmor policy to slapd causes all of slap* to break, because these are
> installed as symlinks and as a result the same apparmor policy is applied to
> them when it shouldn't be - preventing, e.g., using slapadd/slapcat to
> read/write to an ldif in a user's home directory.
>
> The following explanation is provided in the changelog:
>
> - debian/rules, debian/slapd.links: use hard links to slapd instead of
>   symlinks for slap* so these applications aren't confined by apparmor
>   (LP: #203898)
>
> Should we incorporate this patch into the Debian package? FWIW, the Ubuntu
> openldap2.3 package has been patched somewhat extensively for apparmor
> support, but given that Debian doesn't support apparmor I don't see the
> point in bloating the package with a bunch of apparmor code; whereas I can't
> see anything that would be a problem with switching the symlinks to hard
> links, since we're maintaining a static list of them either way.

Seems fine to me. I don't believe Policy has any position one way or the
other on links within a directory and it should be equivalent.

-- 
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
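
The link distinction discussed in this thread, as an added example that is not part of either message or of the package: a symlinked tool name resolves to the daemon's own pathname when executed, while a hard link shares the inode but keeps a distinct pathname, which is what a path-based policy matches on. The temporary directory and files are constructed for the demonstration; `link_kind`, `exec_path` and `demo` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: classify how a tool name relates to the daemon binary.
#   symlink  -> following the link lands on the daemon's pathname
#   hardlink -> same inode as the daemon, but its own distinct pathname
#   separate -> unrelated file
link_kind() {
    tool=$1
    daemon=$2
    if [ -L "$tool" ] && [ "$tool" -ef "$daemon" ]; then
        echo symlink
    elif [ "$tool" -ef "$daemon" ]; then
        echo hardlink
    else
        echo separate
    fi
}

# Pathname that is actually executed once symlinks have been followed.
exec_path() {
    readlink -f "$1"
}

# Constructed demo tree (not the real package layout).
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\n' > "$d/slapd"
    ln -s slapd "$d/slapadd"      # old layout: symlink to slapd
    ln "$d/slapd" "$d/slapcat"    # patched layout: hard link to slapd
    for t in slapadd slapcat; do
        printf '%s: %s, executes as %s\n' "$t" \
            "$(link_kind "$d/$t" "$d/slapd")" "$(exec_path "$d/$t")"
    done
    rm -rf "$d"
}

demo
```

Running `link_kind` over the entries listed in debian/slapd.links after a build is one way to confirm that every slap* name ended up as a hard link rather than a symlink.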

