apparmor/apparmor-2.5.1-edirectory-profile

46 lines
1.5 KiB
Plaintext

From: Jeff Mahoney <jeffm@suse.com>
Subject: apparmor-profiles: Add support for eDirectory calls from nscd
References: bnc#621394
eDirectory hooks into nscd and provides its own libraries. In order for
this to operate properly with AppArmor, it needs to be told about these
libraries.
This patch adds a new abstract profile and includes it in the nameservice
profile.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
profiles/apparmor.d/abstractions/nameservice | 3 +++
profiles/apparmor.d/abstractions/novell-edirectory | 13 +++++++++++++
2 files changed, 16 insertions(+)
--- a/profiles/apparmor.d/abstractions/nameservice
+++ b/profiles/apparmor.d/abstractions/nameservice
@@ -71,6 +71,9 @@
# kerberos
#include <abstractions/kerberosclient>
+ # Novell eDirectory
+ #include <abstractions/novell-edirectory>
+
# TCP/UDP network access
network inet stream,
network inet6 stream,
--- /dev/null
+++ b/profiles/apparmor.d/abstractions/novell-edirectory
@@ -0,0 +1,13 @@
+# $Id$
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2010 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /opt/novell/eDirectory/lib/lib*so* r,
+ /opt/novell/eDirectory/lib64/lib*so* r,