enterprise-support team mailing list archive

Thread
Date

[Bug 1805178] [NEW] Apparmor should include letsencrypt directory for Slapd

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Tarek Loubani <1805178@xxxxxxxxxxxxxxxxxx>
Date: Mon, 26 Nov 2018 16:36:10 -0000
Reply-to: Bug 1805178 <1805178@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Apparmor denies access to /etc/letsencrypt for slapd, which is confusing
for users trying to secure ldap with Letsencrypt in a stock
configuration.

The fix is inserting the following line in
/etc/apparmor.d/usr.sbin.slapd:

  /etc/letsencrypt/** r,

and then refreshing the profile:

# apparmor_parser -vr usr.sbin.slapd

This line should simply be included.

tarek : )

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: openldap (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: apparmor (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to openldap in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1805178

Title:
  Apparmor should include letsencrypt directory for Slapd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1805178/+subscriptions

Follow ups

[Bug 1805178] Re: Apparmor should include letsencrypt directory for Slapd
From: Christian Ehrhardt , 2022-05-25
[Bug 1805178] Re: Apparmor should include letsencrypt directory for Slapd
From: Andreas Hasenack, 2019-01-30
[Bug 1805178] Re: Apparmor should include letsencrypt directory for Slapd
From: Launchpad Bug Tracker, 2019-01-30
[Bug 1805178] Re: Apparmor should include letsencrypt directory for Slapd
From: Andreas Hasenack, 2018-11-29