nscd: add permission to allow supporting unscd (!1031) · Merge requests · AppArmor / apparmor

Daniel Richard G. requested to merge iskunk/apparmor:new-1 into master May 10, 2023

unscd is a drop-in replacement for nscd that uses the same binary location (/usr/sbin/nscd) and config file (/etc/nscd.conf). The usr.sbin.nscd profile only needs one additional permission to support it.

May 9 18:07:42 darkstar kernel: [ 2706.138823] audit: type=1400
audit(1683670062.580:839): apparmor="DENIED" operation="sendmsg"
profile="nscd" name="/run/systemd/notify" pid=4343 comm="nscd"
requested_mask="w" denied_mask="w" fsuid=125 ouid=0

nscd: add permission to allow supporting unscd

Merge request reports