Web lists-archives.com

nscd errors with AppArmor




Hello all,

I have an annoying bug or something not configured properly with the
nscd library, that is visible with AppArmor.

This is happening at least with Apache and Dovecot.

With Dovecot:
> Feb 15 06:51:19 portal kernel: [2105960.896749] audit: type=1400 audit(1550213479.204:6722): apparmor="DENIED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/auth" name="var/cache/nscd/hosts" pid=6180 comm="auth" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> Feb 15 07:04:30 portal kernel: [2106752.493506] audit: type=1400 audit(1550214270.805:6723): apparmor="DENIED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/auth" name="var/cache/nscd/hosts" pid=6653 comm="auth" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> Feb 15 07:47:27 portal kernel: [2109329.163406] audit: type=1400 audit(1550216847.487:6724): apparmor="DENIED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/auth" name="var/cache/nscd/hosts" pid=8221 comm="auth" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> 

With Apache:
> Feb 15 06:25:22 portal kernel: [2104404.314334] audit: type=1400 audit(1550211922.612:6713): apparmor="DENIED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/apache2" name="var/cache/nscd/hosts" pid=5144 comm="apache2" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> Feb 15 06:25:22 portal kernel: [2104404.678807] audit: type=1400 audit(1550211922.976:6714): apparmor="DENIED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/apache2" name="var/cache/nscd/passwd" pid=5144 comm="apache2" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> Feb 15 06:25:22 portal kernel: [2104404.679772] audit: type=1400 audit(1550211922.980:6715): apparmor="DENIED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/apache2" name="var/cache/nscd/group" pid=5144 comm="apache2" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> 

Basically, the query to open nscd cache files is missing the heading
'/' character.

Does anyone has an idea where this is coming from?

Thanks,
André

-- 
André Rodier
HomeBox: https://github.com/progmaticltd/homebox