From 6e4fa53b796673bf2202a89d5162f2df0f53def3 Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Fri, 15 Apr 2016 23:05:27 +0200
Subject: [PATCH] backport nscd profile additions from 2.9 branch

The most important change is /proc/[0-9]*/cmdline to allow paranoid mode.

Acked-by: Seth Arnold
---
 profiles/apparmor.d/usr.sbin.nscd | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/profiles/apparmor.d/usr.sbin.nscd b/profiles/apparmor.d/usr.sbin.nscd
index 64720aeb2..28c5cf59d 100644
--- a/profiles/apparmor.d/usr.sbin.nscd
+++ b/profiles/apparmor.d/usr.sbin.nscd
@@ -34,9 +34,10 @@
 /{,var/}run/nscd/ rw,
 /{,var/}run/nscd/db* rwl,
 /{,var/}run/nscd/socket wl,
- /var/{cache,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
+ /{var/cache,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
 /{,var/}run/{nscd/,}nscd.pid rwl,
 /var/log/nscd.log rw,
+ @{PROC}/[0-9]*/cmdline r,
 @{PROC}/[0-9]*/fd/ r,
 @{PROC}/[0-9]*/fd/* r,
 @{PROC}/[0-9]*/maps r,
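Review bot: The added `@{PROC}/[0-9]*/cmdline r,` rule lets nscd read the command line of every process, while paranoia mode, as far as I can tell, only needs nscd's own command line so it can re-exec itself. Command lines of other processes can carry credentials or tokens passed as arguments, so the rule widens what a compromised nscd could read. The neighbouring `fd/` and `maps` rules use the same PID glob, so the pattern is consistent with the file, but the reason should be recorded in a comment above the rule, e.g. `# paranoia mode: nscd reads its own cmdline to re-exec itself`. It is also worth checking whether the narrower `owner @{PROC}/[0-9]*/cmdline r,` still works once nscd has dropped to its server user. The profile block opens and closes outside this hunk.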