[Pkg-openldap-devel] [openldap] 02/05: fix socket permissions in apparmor profile
Ryan Tandy
rtandy-guest at moszumanska.debian.org
Tue May 26 15:51:27 UTC 2015
This is an automated email from the git hooks/post-receive script.
rtandy-guest pushed a commit to branch ubuntu/master
in repository openldap.
commit 6d78e5479a7983e92c7b7e39268dbe4940133255
Author: Ryan Tandy <ryan at nardis.ca>
Date: Mon May 25 18:39:19 2015 -0700
fix socket permissions in apparmor profile
---
debian/apparmor-profile | 3 ++-
debian/changelog | 4 ++++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/debian/apparmor-profile b/debian/apparmor-profile
index f31e599..25799e4 100644
--- a/debian/apparmor-profile
+++ b/debian/apparmor-profile
@@ -45,7 +45,8 @@
# pid files and sockets
/{,var/}run/slapd/* w,
- /{,var/}run/nslcd/* w,
+ /{,var/}run/slapd/ldapi rw,
+ /{,var/}run/nslcd/socket rw,
/usr/lib/ldap/ r,
/usr/lib/ldap/* mr,
diff --git a/debian/changelog b/debian/changelog
index 9554381..2be9f1f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -41,6 +41,10 @@ openldap (2.4.40+dfsg-1ubuntu1) UNRELEASED; urgency=low
- d/patches/its-7354-fix-delta-sync-mmr.diff
* Drop hardening-wrapper as Debian now sets PIE and bindnow flags.
* debian/patches/nssov-build: Adjust for upstream changes.
+ * debian/apparmor-profile:
+ - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor
+ kernel ABI v7 (utopic and later). (LP: #1392018)
+ - Reduce permissions on /run/nslcd to just the nslcd socket.
-- Ryan Tandy <ryan at nardis.ca> Sat, 21 Feb 2015 16:45:22 -0800
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openldap/openldap.git
More information about the Pkg-openldap-devel
mailing list