From: Jeff Mahoney <jeffm@suse.com>
Subject: apparmor-profiles: Add support for eDirectory calls from nscd
References: bnc#621394

 eDirectory hooks into nscd and provides its own libraries. In order for
 this to operate properly with AppArmor, it needs to be told about these
 libraries.

 This patch adds a new abstract profile and includes it in the nameservice
 profile.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
 profiles/apparmor.d/abstractions/nameservice       |    3 +++
 profiles/apparmor.d/abstractions/novell-edirectory |   13 +++++++++++++
 2 files changed, 16 insertions(+)

--- a/profiles/apparmor.d/abstractions/nameservice
+++ b/profiles/apparmor.d/abstractions/nameservice
@@ -70,6 +70,9 @@
   # kerberos
   #include <abstractions/kerberosclient>
 
+  # Novell eDirectory
+  #include <abstractions/novell-edirectory>
+
   # TCP/UDP network access
   network inet  stream,
   network inet6 stream,
--- /dev/null
+++ b/profiles/apparmor.d/abstractions/novell-edirectory
@@ -0,0 +1,13 @@
+# $Id$
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2010 Novell/SUSE
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+  /opt/novell/eDirectory/lib/lib*so* r,
+  /opt/novell/eDirectory/lib64/lib*so* r,