enterprise-support team mailing list archive

Thread
Date

[Bug 1805178] Re: Apparmor should include letsencrypt directory for Slapd

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Christian Ehrhardt  <1805178@xxxxxxxxxxxxxxxxxx>
Date: Wed, 25 May 2022 14:13:56 -0000
Reply-to: Bug 1805178 <1805178@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Andreas fixed that in 2.4.49+dfsg-2ubuntu1 [Focal] which started to have
profile in openldap and include ssl_cert which (as Christian Bolz
outlined above) do include those paths.

# grep ssl_c /etc/apparmor.d/usr.sbin.slapd 
  #include <abstractions/ssl_certs>

# grep enc /etc/apparmor.d/abstractions/ssl_certs 
  /etc/letsencrypt/archive/*/cert*.pem r,
  /etc/letsencrypt/archive/*/chain*.pem r,
  /etc/letsencrypt/archive/*/fullchain*.pem r,

Fixed Focal onwads, and since users can modify the local overrides if
needed I'm not sure how important an SRU of the same is (changing
isolation in SRUs is discouraged AFAIK).

** Changed in: openldap (Ubuntu)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to openldap in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1805178

Title:
  Apparmor should include letsencrypt directory for Slapd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1805178/+subscriptions

References

[Bug 1805178] [NEW] Apparmor should include letsencrypt directory for Slapd
From: Tarek Loubani, 2018-11-26