** Also affects: nss-pam-ldapd (Ubuntu)
   Importance: Undecided
       Status: New

** Description changed:

- python-ldap runs its tests in TMPDIR = os.environ.get('TMP',
- os.getcwd()), but this is denied by apparmor.
+ package tests run in a directory that is denied by apparmor.
+ 
+ == nss-pam-ldapd ==
+ sets up slapd config in /tmp/
+ 
+ echo "$script: setting up test slapd..."
+ tmpslapd=`mktemp -d -t slapd.XXXXXX`
+ tests/setup_slapd.sh "$tmpslapd" setup
+ tests/setup_slapd.sh "$tmpslapd" start
+ =>
+ 105s testsuite: setting up test slapd...
+ 105s Creating blank /tmp/slapd.HYWyj5 slapd environment... done.
+ 108s Fixing permissions... done.
+ 108s Starting OpenLDAP: slapd FAILED
+ slapd -F "/tmp/slapd.HYWyj5/slapd.d" -u "$user" -g "$group" -h "ldap:/// 
ldaps:/// ldapi:///"
+ 
+ 
+ == python-ldap ==
+ runs its tests in /tmp/autopkgtest
+ via TMPDIR = os.environ.get('TMP', os.getcwd()), but this is denied by 
apparmor.
  
  to test the openldap config validity, python-ldap starts:
  
-     def _test_config(self):
-         self._log.debug('testing config %s', self._slapd_conf)
-         popen_list = [
-             self.PATH_SLAPD,
-             "-Ttest",
-             "-F", self._slapd_conf,
-             "-u",
-             "-v",
-             "-d", "config"
-         ]
-         p = subprocess.run(
-             popen_list,
-             stdout=subprocess.PIPE,
-             stderr=subprocess.STDOUT
-         )
-         if p.returncode != 0:
-             self._log.error(p.stdout.decode("utf-8"))
-             raise RuntimeError("configuration test failed")
-         self._log.info("config ok: %s", self._slapd_conf)
- 
+     def _test_config(self):
+         self._log.debug('testing config %s', self._slapd_conf)
+         popen_list = [
+             self.PATH_SLAPD,
+             "-Ttest",
+             "-F", self._slapd_conf,
+             "-u",
+             "-v",
+             "-d", "config"
+         ]
+         p = subprocess.run(
+             popen_list,
+             stdout=subprocess.PIPE,
+             stderr=subprocess.STDOUT
+         )
+         if p.returncode != 0:
+             self._log.error(p.stdout.decode("utf-8"))
+             raise RuntimeError("configuration test failed")
+         self._log.info("config ok: %s", self._slapd_conf)
  
  this is denied by apparmor:
  
  192s autopkgtest [04:33:39]: test startserver: [-----------------------
  192s 2025-10-29 04:33:39,747 ERROR ldif_read_file: Permission denied for 
"/tmp/autopkgtest.y86Vgq/autopkgtest_tmp/python-ldap-test-59787/slapd.d/cn=config.ldif"
  192s slaptest: bad configuration directory!
- 192s 
+ 192s
  192s Traceback (most recent call last):
  192s   File "<string>", line 1, in <module>
  192s     import slapdtest; server = slapdtest.SlapdObject(); server.start(); 
assert server.port > 0 and server.port < 65536; server.stop()
  192s                                                         ~~~~~~~~~~~~^^
  192s   File "/usr/lib/python3/dist-packages/slapdtest/_slapdtest.py", line 
448, in start
  192s     self._test_config()
  192s     ~~~~~~~~~~~~~~~~~^^
  192s   File "/usr/lib/python3/dist-packages/slapdtest/_slapdtest.py", line 
395, in _test_config
  192s     raise RuntimeError("configuration test failed")
  192s RuntimeError: configuration test failed
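Review bot: the added nss-pam-ldapd section ends at "Starting OpenLDAP: slapd FAILED" with no denial message, so the AppArmor cause is inferred there rather than shown. The python-ldap log below it does carry "Permission denied for ... cn=config.ldif". Suggest adding the matching AppArmor denial record from the test machine's kernel log for the /tmp/slapd.HYWyj5/slapd.d path, so both packages are tied to the same profile rule.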

** Description changed:

+ this happens due to fixing apparmor in bug #2119884
+ 
  package tests run in a directory that is denied by apparmor.
  
  == nss-pam-ldapd ==
  sets up slapd config in /tmp/
  
  echo "$script: setting up test slapd..."
  tmpslapd=`mktemp -d -t slapd.XXXXXX`
  tests/setup_slapd.sh "$tmpslapd" setup
  tests/setup_slapd.sh "$tmpslapd" start
  =>
  105s testsuite: setting up test slapd...
  105s Creating blank /tmp/slapd.HYWyj5 slapd environment... done.
  108s Fixing permissions... done.
  108s Starting OpenLDAP: slapd FAILED
  slapd -F "/tmp/slapd.HYWyj5/slapd.d" -u "$user" -g "$group" -h "ldap:/// 
ldaps:/// ldapi:///"
- 
  
  == python-ldap ==
  runs its tests in /tmp/autopkgtest
  via TMPDIR = os.environ.get('TMP', os.getcwd()), but this is denied by 
apparmor.
  
  to test the openldap config validity, python-ldap starts:
  
      def _test_config(self):
          self._log.debug('testing config %s', self._slapd_conf)
          popen_list = [
              self.PATH_SLAPD,
              "-Ttest",
              "-F", self._slapd_conf,
              "-u",
              "-v",
              "-d", "config"
          ]
          p = subprocess.run(
              popen_list,
              stdout=subprocess.PIPE,
              stderr=subprocess.STDOUT
          )
          if p.returncode != 0:
              self._log.error(p.stdout.decode("utf-8"))
              raise RuntimeError("configuration test failed")
          self._log.info("config ok: %s", self._slapd_conf)
  
  this is denied by apparmor:
  
  192s autopkgtest [04:33:39]: test startserver: [-----------------------
  192s 2025-10-29 04:33:39,747 ERROR ldif_read_file: Permission denied for 
"/tmp/autopkgtest.y86Vgq/autopkgtest_tmp/python-ldap-test-59787/slapd.d/cn=config.ldif"
  192s slaptest: bad configuration directory!
  192s
  192s Traceback (most recent call last):
  192s   File "<string>", line 1, in <module>
  192s     import slapdtest; server = slapdtest.SlapdObject(); server.start(); 
assert server.port > 0 and server.port < 65536; server.stop()
  192s                                                         ~~~~~~~~~~~~^^
  192s   File "/usr/lib/python3/dist-packages/slapdtest/_slapdtest.py", line 
448, in start
  192s     self._test_config()
  192s     ~~~~~~~~~~~~~~~~~^^
  192s   File "/usr/lib/python3/dist-packages/slapdtest/_slapdtest.py", line 
395, in _test_config
  192s     raise RuntimeError("configuration test failed")
  192s RuntimeError: configuration test failed

https://bugs.launchpad.net/bugs/2130351

Title:
  openldap apparmor profile denies access to test files in /tmp/
