Fix nscd conflict with systemd-homed

mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00

My main user account is managed by systemd-homed. When I enable
AppArmor and have nscd running, I get inconsistent behavior with my
user account - sometimes I can't log in, sometimes I can log in but
not use sudo, etc.

This is the output of getent passwd:
  $ getent passwd
  root❌0:0::/root:/usr/bin/zsh
  bin❌1:1::/:/sbin/nologin
  daemon❌2:2::/:/sbin/nologin
  mail❌8:12::/var/spool/mail:/sbin/nologin
  ftp❌14:11::/srv/ftp:/sbin/nologin
  http❌33:33::/srv/http:/sbin/nologin
  nobody❌65534:65534:Nobody:/:/sbin/nologin
  dbus❌81:81:System Message Bus:/:/sbin/nologin
  [...]
  rose❌1000:1000:Rose Kunkel:/home/rose:/usr/bin/zsh

But getent passwd rose and getent passwd 1000 both return no output.
Stopping nscd.service fixes these problems. Checking the apparmor
logs, I noticed that nscd was denied access to
/etc/machine-id. Allowing access to that file seems to have fixed the
issue.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/707
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/145
Signed-off-by: John Johansen <john.johansen@canonical.com>

This commit is contained in:

Rose Kunkel

2021-01-17 16:58:37 -08:00

• committed by

John Johansen

parent 656f2103ed

commit ee5303c8a0

1 changed files with 1 additions and 0 deletions

1

profiles/apparmor.d/usr.sbin.nscd

View file

 @ -23,6 +23,7 @@ profile nscd /usr/{bin,sbin}/nscd {
   capability setgid,
   capability setuid,
   /etc/machine-id r,
   /etc/netgroup r,
   /etc/nscd.conf r,
   /usr/{bin,sbin}/nscd rmix,

Rows
Columns

Fix nscd conflict with systemd-homed

1 profiles/apparmor.d/usr.sbin.nscd Unescape Escape View file

1

profiles/apparmor.d/usr.sbin.nscd

View file