[pkg-apparmor] Bug#761994: Extra profile for /usr/sbin/useradd , , missing access right for /etc/subuid and /etc/subgid
Fabian Grünbichler
fabian.gruenbichler at student.tuwien.ac.at
Wed Sep 17 15:19:43 UTC 2014
Package: apparmor-profiles
Version: 2.8.0-6
Severity: normal
Tags: patch
Hello,
the AppArmor profile for useradd (which is not activated by default, but
located in /usr/share/doc/apparmor-profiles/extras/usr.sbin.useradd)
seems to be missing a couple of lines for the files /etc/subuid ,
/etc/subuid- , /etc/subuid+ , /etc/subuid.* , /etc/subgid , /etc/subgid-
, /etc/subgid+ , /etc/subgid.* .
The attached patch might allow too many rights, so please double check
to make sure. I noticed the problem because the recent systemd-sysv
upgrade (208 -> 2015) aborts when the unmodified useradd profile is
enforced (because it calls '/usr/sbin/useradd -d /run/systemd -g
systemd-timesync -s /bin/false -u 119 systemd-timesync' which fails).
Thanks for the work on AppArmor!
Fabian
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (510, 'unstable'), (310, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages apparmor-profiles depends on:
ii apparmor 2.8.0-6
apparmor-profiles recommends no packages.
apparmor-profiles suggests no packages.
-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apparmor-useradd.patch
Type: text/x-patch
Size: 179 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-apparmor-team/attachments/20140917/22f13bc9/attachment.bin>
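One way to check a useradd profile for the gap described in the report, as an added example that is not part of the original message or of the attached patch: the script lists which of the reported /etc/subuid and /etc/subgid paths lack access under a profile's file rules. The profile excerpts, the candidate rule, the ".1234" suffix and the assumed "rw" requirement are constructed for illustration, and only a subset of AppArmor rule syntax is parsed.

```python
import re

# Files named in the report; a constructed ".1234" suffix stands in for ".*".
REPORTED = [f"/etc/{base}{suffix}" for base in ("subuid", "subgid")
            for suffix in ("", "-", "+", ".1234")]

TOKEN = re.compile(r"\*\*|\*|\?|\[[^\]]+\]|[{},]|.")
GLOB = {"**": ".*", "*": "[^/]*", "?": "[^/]", "{": "(?:", "}": ")", ",": "|"}
# Plain allow rules only ("/path perms,"); deny rules and variables are ignored.
RULE = re.compile(r"^\s*(?:(?:audit|owner)\s+)*(/\S+)\s+([a-zA-Z]+)\s*,")

def glob_to_regex(glob):
    """Translate a subset of AppArmor globbing (*, **, ?, [...], {a,b}).
    Simplification: every comma is an alternation separator."""
    parts = []
    for tok in TOKEN.findall(glob):
        if tok in GLOB:
            parts.append(GLOB[tok])
        elif len(tok) > 1:          # character class, copied verbatim
            parts.append(tok)
        else:
            parts.append(re.escape(tok))
    return re.compile("".join(parts))

def missing_access(profile_text, paths, need="rw"):
    """Map each path to the permissions in `need` that no rule grants."""
    rules = [(glob_to_regex(m.group(1)), set(m.group(2)))
             for m in map(RULE.match, profile_text.splitlines()) if m]
    gaps = {}
    for path in paths:
        granted = set()
        for rx, perms in rules:
            if rx.fullmatch(path):
                granted |= perms    # permissions from matching rules add up
        lacking = "".join(p for p in need if p not in granted)
        if lacking:
            gaps[path] = lacking
    return gaps

# Constructed profile excerpts, not the packaged profile or the attached patch.
BEFORE = """\
/usr/sbin/useradd {
  /etc/group* rw,
  /etc/passwd{,-,+} rw,
}
"""
AFTER = BEFORE[:-2] + "  /etc/sub{u,g}id* rw,\n}\n"

if __name__ == "__main__":
    print("before:", missing_access(BEFORE, REPORTED))
    print("after: ", missing_access(AFTER, REPORTED))
```

Running the same check against a real profile file before enforcing it shows whether a rule is broader than the listed paths require, which is the concern the reporter raises about the patch.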