I just check the apparmor profiles for Hardy, Intrepid and Jaunty, and they all
have (after including the abstractions):
#include <abstractions/ssl_certs>
/etc/ssl/private/ r,
/etc/ssl/private/* r,
This works out to:
/etc/ssl/ r,
/etc/ssl/certs/ r,
/etc/ssl/certs/* r,
/etc/ssl/private/ r,
/etc/ssl/private/* r,
I think if this is going to be fixed, it should be fixed in the apparmor
package, so am moving it there. The question then becomes, should
/etc/apparmor.d/abstractions/ssl_certs become:
/etc/ssl/ r,
/etc/ssl/* r,
This would obviate the need for references to /etc/ssl/private/ (and
abstractions/ssl_keys on Jaunty). What do people think?
** Changed in: openldap2.3 (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) => (unassigned)
Status: Confirmed => Invalid
** Changed in: apparmor (Ubuntu)
Sourcepackagename: openldap => apparmor
--
Apparmour doesnt support use of /etc/ssl/<servicename>
https://bugs.launchpad.net/bugs/317109
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap2.3 in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
