I just check the apparmor profiles for Hardy, Intrepid and Jaunty, and they all have (after including the abstractions): #include <abstractions/ssl_certs> /etc/ssl/private/ r, /etc/ssl/private/* r,
This works out to: /etc/ssl/ r, /etc/ssl/certs/ r, /etc/ssl/certs/* r, /etc/ssl/private/ r, /etc/ssl/private/* r, I think if this is going to be fixed, it should be fixed in the apparmor package, so am moving it there. The question then becomes, should /etc/apparmor.d/abstractions/ssl_certs become: /etc/ssl/ r, /etc/ssl/* r, This would obviate the need for references to /etc/ssl/private/ (and abstractions/ssl_keys on Jaunty). What do people think? ** Changed in: openldap2.3 (Ubuntu) Assignee: Jamie Strandboge (jdstrand) => (unassigned) Status: Confirmed => Invalid ** Changed in: apparmor (Ubuntu) Sourcepackagename: openldap => apparmor -- Apparmour doesnt support use of /etc/ssl/<servicename> https://bugs.launchpad.net/bugs/317109 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs