** Description changed: + [Impact] Hello When we are using removable smartcard to authenticate, basically we set cert in /etc/sssd/pki/ as doc[1] says. and we have issue with Permission Denied. If we put /etc/sssd/pki/** r, in apparmor profile. it works. Although the path could be set to different path but no specific path for it and we mentioned it in doc[1] so It would be good if we can add above path to apparmor profile. + man page(over 2.0) has the path so I uploaded patch from F to Q + + [1] https://manpages.ubuntu.com/manpages/noble/man5/sssd.conf.5.html + + [Test Case] I don't have 100% the same reproducer but I can test simple one. sudo aa-exec -p /usr/sbin/sssd -- cat /etc/sssd/pki/sssd_auth_ca_db.pem - man page(over 2.0) has the path so I uploaded patch from F to Q + [Where problems could occur] + sssd will have more permission in /etc/sssd/pki/ - Thanks. - - [1] https://manpages.ubuntu.com/manpages/noble/man5/sssd.conf.5.html + [Others]
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2109673 Title: sssd apparmor profile need /etc/sssd/pki/** r To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/2109673/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
