Public bug reported: This concerns apparmor-profiles 2.13.3-7ubuntu5 in Ubuntu focal.
I use the usr.sbin.nscd profile in enforce mode, and am seeing the following messages in /var/log/syslog . I don't know if the SIGABRT is related: May 27 04:39:56 test-ubuntu64 kernel: [ 199.392521] audit: type=1400 audit(1590568796.975:76): apparmor="DENIED" operation="bind" profile="nscd" pid=1679 comm="nscd" family="unix" sock_type="dgram" protocol=0 requested_mask="bind" denied_mask="bind" addr="@userdb-4a5d3fdcfb9afbd7fc75948800519358" May 27 04:40:17 test-ubuntu64 systemd[1]: nscd.service: Main process exited, code=killed, status=6/ABRT May 27 04:40:17 test-ubuntu64 systemd[1]: nscd.service: Failed with result 'signal'. May 27 04:40:17 test-ubuntu64 systemd[1]: nscd.service: Scheduled restart job, restart counter is at 9. The @userdb-* binding looks like a systemd thing. Should a rule for this go into /etc/apparmor.d/abstractions/nameservice ? ** Affects: apparmor (Ubuntu) Importance: Undecided Status: New ** Tags: focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1880841 Title: usr.sbin.nscd needs unix socket access to @userdb-* Status in apparmor package in Ubuntu: New Bug description: This concerns apparmor-profiles 2.13.3-7ubuntu5 in Ubuntu focal. I use the usr.sbin.nscd profile in enforce mode, and am seeing the following messages in /var/log/syslog . I don't know if the SIGABRT is related: May 27 04:39:56 test-ubuntu64 kernel: [ 199.392521] audit: type=1400 audit(1590568796.975:76): apparmor="DENIED" operation="bind" profile="nscd" pid=1679 comm="nscd" family="unix" sock_type="dgram" protocol=0 requested_mask="bind" denied_mask="bind" addr="@userdb-4a5d3fdcfb9afbd7fc75948800519358" May 27 04:40:17 test-ubuntu64 systemd[1]: nscd.service: Main process exited, code=killed, status=6/ABRT May 27 04:40:17 test-ubuntu64 systemd[1]: nscd.service: Failed with result 'signal'. May 27 04:40:17 test-ubuntu64 systemd[1]: nscd.service: Scheduled restart job, restart counter is at 9. The @userdb-* binding looks like a systemd thing. Should a rule for this go into /etc/apparmor.d/abstractions/nameservice ? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1880841/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp