action #45920
closed[sle][security] aa_enforce: apparmor 2.13.2 introduced nscd as profile name
0%
Description
Observation¶
openQA test in scenario opensuse-Tumbleweed-DVD-x86_64-apparmor@64bit fails in
aa_enforce
Reproducible¶
Fails since (at least) Build 20181231
Expected result¶
Last good: 20181224 (or more recent)
Further details¶
Always latest result in this scenario: latest
We no longer have a profile for /usr/sbin/nscd, due to this diff in the profile definition:
--- /etc/apparmor.d/usr.sbin.nscd 2018-12-19 23:10:32.000000000 +0100
+++ usr.sbin.nscd 2019-01-08 20:02:54.000000000 +0100
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
#include
-/usr/sbin/nscd {
+profile nscd /usr/{bin,sbin}/nscd {
#include
#include
#include
Since this is now a named profile, it is listed with the name, not with the path of the binary it guards (as it matches two binaries now)
This needs to be reflected in the way we test here