File: nameservice

package info (click to toggle)
apparmor 2.13.4-3
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, sid
  • size: 28,524 kB
  • sloc: python: 19,111; ansic: 17,059; perl: 11,105; sh: 10,461; cpp: 5,396; yacc: 1,950; makefile: 1,678; pascal: 1,097; lex: 1,092; ruby: 374; exp: 250; java: 212; xml: 159
file content (106 lines) | stat: -rw-r--r-- 3,430 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2009 Novell/SUSE
#    Copyright (C) 2009-2011 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

  # Many programs wish to perform nameservice-like operations, such as
  # looking up users by name or id, groups by name or id, hosts by name
  # or IP, etc. These operations may be performed through files, dns,
  # NIS, NIS+, LDAP, hesiod, wins, etc. Allow them all here.
  /etc/group              r,
  /etc/host.conf          r,
  /etc/hosts              r,
  /etc/nsswitch.conf      r,
  /etc/gai.conf           r,
  /etc/passwd             r,
  /etc/protocols          r,

  # libtirpc (used for NIS/YP login) needs this
  /etc/netconfig r,

  # When using libnss-extrausers, the passwd and group files are merged from
  # an alternate path
  /var/lib/extrausers/group  r,
  /var/lib/extrausers/passwd r,

  # NSS records from systemd-userdbd.service
  /{,var/}run/systemd/userdb/ r,
  /{,var/}run/systemd/userdb/io.systemd.{NameServiceSwitch,Multiplexer,DynamicUser,Home} r,
  @{PROC}/sys/kernel/random/boot_id r,

  # When using sssd, the passwd and group files are stored in an alternate path
  # and the nss plugin also needs to talk to a pipe
  /var/lib/sss/mc/group   r,
  /var/lib/sss/mc/initgroups r,
  /var/lib/sss/mc/passwd  r,
  /var/lib/sss/pipes/nss  rw,

  /etc/resolv.conf        r,
  # On systems where /etc/resolv.conf is managed programmatically, it is
  # a symlink to /{,var/}run/(whatever program is managing it)/resolv.conf.
  /{,var/}run/{resolvconf,NetworkManager,systemd/resolve,connman,netconfig}/resolv.conf r,
  /etc/resolvconf/run/resolv.conf r,
  /{,var/}run/systemd/resolve/stub-resolv.conf r,

  /etc/samba/lmhosts      r,
  /etc/services           r,
  # db backend
  /var/lib/misc/*.db      r,
  # The Name Service Cache Daemon can cache lookups, sometimes leading
  # to vast speed increases when working with network-based lookups.
  /{,var/}run/.nscd_socket   rw,
  /{,var/}run/nscd/socket    rw,
  /{var/db,var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts}    r,
  # nscd renames and unlinks files in it's operation that clients will
  # have open
  /{,var/}run/nscd/db*  rmix,

  # The nss libraries are sometimes used in addition to PAM; make sure
  # they are available
  /{usr/,}lib{,32,64}/libnss_*.so*      mr,
  /{usr/,}lib/@{multiarch}/libnss_*.so*      mr,
  /etc/default/nss               r,

  # avahi-daemon is used for mdns4 resolution
  /{,var/}run/avahi-daemon/socket rw,

  # libnl-3-200 via libnss-gw-name
  @{PROC}/@{pid}/net/psched r,
  /etc/libnl-*/classid r,

  # nis
  #include <abstractions/nis>

  # ldap
  #include <abstractions/ldapclient>

  # winbind
  #include <abstractions/winbind>

  # likewise
  #include <abstractions/likewise>

  # mdnsd
  #include <abstractions/mdns>

  # kerberos
  #include <abstractions/kerberosclient>

  # TCP/UDP network access
  network inet  stream,
  network inet6 stream,
  network inet  dgram,
  network inet6 dgram,

  # TODO: adjust when support finer-grained netlink rules
  # Netlink raw needed for nscd
  network netlink raw,

  # interface details
  @{PROC}/@{pid}/net/route r,