For the p11-kit apparmor inclusions, I would suggest to include the <abstractions/p11-kit> abstraction instead. I didn't find an abstraction for opensc, but I'm wondering if just allowing /etc/opensc/opensc.conf is enough. The smartcard stack is quite complicated, and could touch many different files on a system.
And as your comments have shown, we actually need a proper testcase, to avoid discovering more and more rules that need changing. About fixing debian first, that would be nice, but it's not mandatory. If we have a good test case, good patch, and are confident in the fix, we can proceed, and submit the fix to debian in parallel. About your test case, you shouldn't be changing files manually. The expectation is that installing an updated package, with the fix, will make the testcase pass. Can you come up with the final set of changes that are needed for the sssd apparmor profile? And -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2109673 Title: Authentication with smartcard is not working with apparmor DENIED To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/2109673/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
