** Tags added: aa-policy
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1575455
Title:
New AppArmor profile: usr.sbin.nslcd
Status in AppArmor:
New
Status in apparmor
Thank you Seth :-) Next rev in each release should have this, right?
No copyright line is needed; this was trivial to derive from the nscd
profile.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://
Thanks, I added the profile to the 16.04 and 16.10 directories:
http://bazaar.launchpad.net/~apparmor-dev/apparmor-profiles/master/revision/167
http://bazaar.launchpad.net/~apparmor-dev/apparmor-profiles/master/revision/168
If you want a copyright line on the files, either propose one here or a
me
Seth, it seems you're absolutely right.
Denying dgram while the system is up is no big deal, because DNS lookups
go through nscd (or other similar infrastructure) instead of being sent
out directly.
But when the system is starting up, and nscd et al. aren't running yet,
the queries do need to go
For my part, I'm not seeing DNS issues, and I've got a hostname in my
LDAP server URI.
I'm not sure what goes on under the hood for normal DNS resolution these
days (maybe DNS over TCP is favored now?), but if there's any doubt in
your mind, feel free to drop those lines.
--
You received this bu
That's a great start; I'm concerned about blocking the dgram protocols
though -- will nslcd ever need to look up ldap server addresses via dns?
Your site may not, but maybe someone else's will?
Thanks
** Also affects: apparmor
Importance: Undecided
Status: New
--
You received this bug
6 matches
Mail list logo
