mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

abstractions/nameservice: allow accessing /run/systemd/userdb/

Browse source 
On systems with systemd 245, nss-systemd additionally queries NSS records from systemd-userdbd.service. See https://systemd.io/USER_GROUP_API/ .

Signed-off-by: nl6720 <nl6720@gmail.com>
This commit is contained in:
nl6720 2020-03-19 12:05:44 +02:00
parent 02cfbc8b96
commit 16f9f6885a
Failed to generate hash of commit
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
profiles/apparmor.d/abstractions/nameservice
View file

@ -29,6 +29,11 @@
/var/lib/extrausers/group r, /var/lib/extrausers/group r,
/var/lib/extrausers/passwd r, /var/lib/extrausers/passwd r,
# NSS records from systemd-userdbd.service
@{run}/systemd/userdb/ r,
@{run}/systemd/userdb/io.systemd.{NameServiceSwitch,Multiplexer,DynamicUser,Home} r,
@{PROC}/sys/kernel/random/boot_id r,
# When using sssd, the passwd and group files are stored in an alternate path # When using sssd, the passwd and group files are stored in an alternate path
# and the nss plugin also needs to talk to a pipe # and the nss plugin also needs to talk to a pipe
/var/lib/sss/mc/group r, /var/lib/sss/mc/group r,