Project

General

Profile

Actions
Copy link

action #45920

closed

[sle][security] aa_enforce: apparmor 2.13.2 introduced nscd as profile name

Added by dimstar over 5 years ago. Updated about 4 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
llzhao
Category:
Bugs in existing tests
Target version:
-
Start date:
2019-01-10
Due date:
% Done:

0%

Estimated time:
Difficulty:

Description

Observation

openQA test in scenario opensuse-Tumbleweed-DVD-x86_64-apparmor@64bit fails in
aa_enforce

Reproducible

Fails since (at least) Build 20181231

Expected result

Last good: 20181224 (or more recent)

Further details

Always latest result in this scenario: latest

We no longer have a profile for /usr/sbin/nscd, due to this diff in the profile definition:

--- /etc/apparmor.d/usr.sbin.nscd 2018-12-19 23:10:32.000000000 +0100
+++ usr.sbin.nscd 2019-01-08 20:02:54.000000000 +0100
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------

#include
-/usr/sbin/nscd {
+profile nscd /usr/{bin,sbin}/nscd {
#include
#include
#include

Since this is now a named profile, it is listed with the name, not with the path of the binary it guards (as it matches two binaries now)

This needs to be reflected in the way we test here

Actions
Copy link

Also available in: Atom PDF