[Bug 2130351] [NEW] openldap apparmor profile denies access to test files in /tmp/

Thu, 30 Oct 2025 09:00:41 -0700 

Public bug reported:

python-ldap runs its tests in TMPDIR = os.environ.get('TMP',
os.getcwd()), but this is denied by apparmor.

to test the openldap config validity, python-ldap starts:

    def _test_config(self):
        self._log.debug('testing config %s', self._slapd_conf)
        popen_list = [
            self.PATH_SLAPD,
            "-Ttest",
            "-F", self._slapd_conf,
            "-u",
            "-v",
            "-d", "config"
        ]
        p = subprocess.run(
            popen_list,
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT
        )
        if p.returncode != 0:
            self._log.error(p.stdout.decode("utf-8"))
            raise RuntimeError("configuration test failed")
        self._log.info("config ok: %s", self._slapd_conf)


this is denied by apparmor:

192s autopkgtest [04:33:39]: test startserver: [-----------------------
192s 2025-10-29 04:33:39,747 ERROR ldif_read_file: Permission denied for 
"/tmp/autopkgtest.y86Vgq/autopkgtest_tmp/python-ldap-test-59787/slapd.d/cn=config.ldif"
192s slaptest: bad configuration directory!
192s 
192s Traceback (most recent call last):
192s   File "<string>", line 1, in <module>
192s     import slapdtest; server = slapdtest.SlapdObject(); server.start(); 
assert server.port > 0 and server.port < 65536; server.stop()
192s                                                         ~~~~~~~~~~~~^^
192s   File "/usr/lib/python3/dist-packages/slapdtest/_slapdtest.py", line 448, 
in start
192s     self._test_config()
192s     ~~~~~~~~~~~~~~~~~^^
192s   File "/usr/lib/python3/dist-packages/slapdtest/_slapdtest.py", line 395, 
in _test_config
192s     raise RuntimeError("configuration test failed")
192s RuntimeError: configuration test failed

** Affects: nss-pam-ldapd (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: python-ldap (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: update-excuse

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2130351

Title:
  openldap apparmor profile denies access to test files in /tmp/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/2130351/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to