Merge nscd: add permission to allow supporting unscd

`unscd` is a drop-in replacement for `nscd` that uses the same binary location (`/usr/sbin/nscd`) and config file (`/etc/nscd.conf`). The `usr.sbin.nscd` profile only needs one additional permission to support it. ``` May 9 18:07:42 darkstar kernel: [ 2706.138823] audit: type=1400 audit(1683670062.580:839): apparmor="DENIED" operation="sendmsg" profile="nscd" name="/run/systemd/notify" pid=4343 comm="nscd" requested_mask="w" denied_mask="w" fsuid=125 ouid=0 ``` MR: !1031 Approved-by: Christian Boltz <apparmor@cboltz.de> Merged-by: Christian Boltz <apparmor@cboltz.de> (cherry picked from commit dec3815f) bd0d401b nscd: add permission to allow supporting unscd

Merge nscd: add permission to allow supporting unscd
536959d7 · Christian Boltz · 9cd55ff4 · 536959d7
Commit 536959d7 authored 1 year ago by Christian Boltz
--- a/profiles/apparmor.d/usr.sbin.nscd
+++ b/profiles/apparmor.d/usr.sbin.nscd
@@ -43,6 +43,9 @@ profile nscd /usr/{bin,sbin}/nscd {
  /{etc,run,run/host,/usr/lib}/userdb/ r,
  /{etc,run,run/host,/usr/lib}/userdb/*.{user,user-privileged,group,group-privileged} r,

+  # needed by unscd
+  @{run}/systemd/notify w,
+
  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.nscd>
 }