Merge ~sergiodj/ubuntu/+source/sssd:bug1910611-update-apparmor-groovy into ubuntu/+source/sssd:ubuntu/groovy-devel
Status: | Merged | ||||
---|---|---|---|---|---|
Approved by: | Sergio Durigan Junior | ||||
Approved revision: | cb78c9c4232e6d61551fb659268ad550e0b13ee7 | ||||
Merged at revision: | cb78c9c4232e6d61551fb659268ad550e0b13ee7 | ||||
Proposed branch: | ~sergiodj/ubuntu/+source/sssd:bug1910611-update-apparmor-groovy | ||||
Merge into: | ubuntu/+source/sssd:ubuntu/groovy-devel | ||||
Diff against target: |
36 lines (+13/-0) 2 files modified
debian/apparmor-profile (+5/-0) debian/changelog (+8/-0) |
||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Christian Ehrhardt (community) | Needs Fixing | ||
Canonical Server | Pending | ||
Review via email: mp+396453@code.launchpad.net |
Description of the change
This is the fix for bug 1910611 on Groovy.
The sssd apparmor profile is outdated with regards to a few aspects:
- It doesn't allow the execution of binaries under /usr/libexec/sssd/*
- It doesn't allow sssd to read configuration files under /etc/sssd/conf.d/*
- It doesn't allow sssd to read files under /etc/gss/mech.d/*
The original bug only complained about the first item, but while investigating I found the other two issues, so I'm fixing them as well.
Here's a PPA with the proposed package:
https:/
And autopkgtest is still happy:
autopkgtest [17:48:05]: @@@@@@@
ldap-user-
ldap-user-
Fine - as the other one I've reviewed - +1.
TBH since the profile is default-off and config- change- to-fix the SRU Team might disagree that it is SRU-worthy (I'd think it is, but prepare for a discussion).