Public bug reported:

A simple 'sudo slapcat -l ./foo.ldif' results in this apparmor entry:

Mar 19 12:30:07 hardy-amd64-sec kernel: [    0.000000]
audit(1205929807.141:3): operation="inode_create" request_mask="w::"
denied_mask="w::" name="/home/jamie/foo.ldif" pid=4384
profile="/usr/sbin/slapd" namespace="default"

The reason is that slapcat is a symlink to slapd, and apparmor
evaluates symlinks to the name of the file they point to.  One solution
might be to use hard links instead of symlinks.

As slapacl, slapadd, slapauth, slapdn, slapindex, slappasswd and
slaptest are also symlinks, these are all likely broken as well.

** Affects: openldap2.3 (Ubuntu)
     Importance: Undecided
     Assignee: Jamie Strandboge (jamie-strandboge)
         Status: Confirmed

** Changed in: openldap2.3 (Ubuntu)
     Assignee: (unassigned) => Jamie Strandboge (jamie-strandboge)
       Status: New => Confirmed

-- 
slapcat broken when default apparmor profile is enabled
https://bugs.launchpad.net/bugs/203898
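
Added example, not part of the original report: a Python sketch that parses the denial record quoted above and lists which names in a directory are symlinks resolving to a profiled binary, which is the path resolution the report describes. The helper names and the temporary directory layout are constructed for illustration; the code models path resolution only and does not query AppArmor.

```python
import os
import re
import tempfile

# Denial record from the report above, joined onto one line.
SAMPLE = ('audit(1205929807.141:3): operation="inode_create" '
          'request_mask="w::" denied_mask="w::" name="/home/jamie/foo.ldif" '
          'pid=4384 profile="/usr/sbin/slapd" namespace="default"')


def parse_denial(line):
    """Return the key=value fields of an audit record (quoted or bare values)."""
    fields = re.findall(r'(\w+)=(?:"([^"]*)"|(\S+))', line)
    return {key: quoted or bare for key, quoted, bare in fields}


def symlinked_names(bindir, profiled_path):
    """Names in bindir that are symlinks resolving to profiled_path.

    These are the commands that end up running under the profile of the
    binary they point to. A hard link is not reported: it is a separate
    path to the same inode, so resolving it yields its own name.
    """
    target = os.path.realpath(profiled_path)
    names = []
    for name in sorted(os.listdir(bindir)):
        path = os.path.join(bindir, name)
        if os.path.islink(path) and os.path.realpath(path) == target:
            names.append(name)
    return names


def demo():
    """Constructed layout: slapd, a slapcat symlink and a slapadd hard link."""
    with tempfile.TemporaryDirectory() as d:
        slapd = os.path.join(d, "slapd")
        open(slapd, "w").close()
        os.symlink("slapd", os.path.join(d, "slapcat"))
        os.link(slapd, os.path.join(d, "slapadd"))
        return symlinked_names(d, slapd)


if __name__ == "__main__":
    rec = parse_denial(SAMPLE)
    print(f'profile {rec["profile"]} denied {rec["denied_mask"]} on {rec["name"]}')
    print("symlinks resolving to the profiled binary:", demo())
```

Running `symlinked_names("/usr/sbin", "/usr/sbin/slapd")` on an affected system lists the slap* tools that share the slapd profile.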