subject:"\[Group.of.nepali.translators\] \[Bug 1582767\] Re\: apparmor permissions missing for winbind"

[Group.of.nepali.translators] [Bug 1582767] Re: apparmor permissions missing for winbind

2017-06-19 Thread Bug Watch Updater

** Changed in: ntp (Debian)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1582767

Title:
  apparmor permissions missing for winbind

Status in ntp package in Ubuntu:
  Fix Released
Status in ntp source package in Xenial:
  Won't Fix
Status in ntp package in Debian:
  Fix Released

Bug description:
  When using Winbind, ntpd needs to access the Winbind pipe:

  May 17 16:23:15 bo kernel: [   27.598551] type=1400
  audit(1463494995.048:18): apparmor="DENIED" operation="connect"
  profile="/usr/sbin/ntpd" name="/run/samba/winbindd/pipe" pid=1517
  comm="ntpd" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0

  Would there be any reason not to allow this ? I added the following
  line to /etc/apparmor/init/network-interface-security/usr.sbin.ntpd:

  /run/samba/winbindd/pipe rw,

  Thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1582767/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1582767] Re: apparmor permissions missing for winbind

2017-05-03 Thread ChristianEhrhardt

I realized we carry this as Delta and there was no Debian report yet, I
opened one and linked it up here.

** Bug watch added: Debian Bug tracker #861727
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861727

** Also affects: ntp (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861727
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1582767

Title:
  apparmor permissions missing for winbind

Status in ntp package in Ubuntu:
  Fix Released
Status in ntp source package in Xenial:
  Won't Fix
Status in ntp package in Debian:
  Unknown

Bug description:
  When using Winbind, ntpd needs to access the Winbind pipe:

  May 17 16:23:15 bo kernel: [   27.598551] type=1400
  audit(1463494995.048:18): apparmor="DENIED" operation="connect"
  profile="/usr/sbin/ntpd" name="/run/samba/winbindd/pipe" pid=1517
  comm="ntpd" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0

  Would there be any reason not to allow this ? I added the following
  line to /etc/apparmor/init/network-interface-security/usr.sbin.ntpd:

  /run/samba/winbindd/pipe rw,

  Thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1582767/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1582767] Re: apparmor permissions missing for winbind

2016-08-26 Thread ChristianEhrhardt

Hi,
just to note I'd consider this not important enough for an SRU given the fact 
that it is a very rare case and people can add the rule themselves if the need 
to.

** Changed in: ntp (Ubuntu Xenial)
   Status: New => Won't Fix

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1582767

Title:
  apparmor permissions missing for winbind

Status in ntp package in Ubuntu:
  Fix Released
Status in ntp source package in Xenial:
  Won't Fix

Bug description:
  When using Winbind, ntpd needs to access the Winbind pipe:

  May 17 16:23:15 bo kernel: [   27.598551] type=1400
  audit(1463494995.048:18): apparmor="DENIED" operation="connect"
  profile="/usr/sbin/ntpd" name="/run/samba/winbindd/pipe" pid=1517
  comm="ntpd" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0

  Would there be any reason not to allow this ? I added the following
  line to /etc/apparmor/init/network-interface-security/usr.sbin.ntpd:

  /run/samba/winbindd/pipe rw,

  Thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1582767/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1582767] Re: apparmor permissions missing for winbind

2016-07-30 Thread Launchpad Bug Tracker

This bug was fixed in the package ntp - 1:4.2.8p8+dfsg-1ubuntu1

---
ntp (1:4.2.8p8+dfsg-1ubuntu1) yakkety; urgency=medium

  [ Christian Ehrhardt ]
  * Merge from Debian testing. Remaining changes:
+ debian/rules: enable debugging. Asked debian to add this in bug #643954.
+ debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook.
+ debian/control: Add Suggests on apparmor.
+ debian/source_ntp.py: Add filter on AppArmor profile names to prevent
  false positives from denials originating in other packages
+ debian/ntpdate.if-up: Fix interaction with openntpd. Stop ntp before
  running ntpdate when an interface comes up, then start again afterwards.
+ debian/ntp.init, debian/rules: Only stop when entering single user mode,
  don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is newer - it can
  get stale. Patch by Simon Déziel.
+ debian/ntp.conf, debian/ntpdate.default: Change default server to
  ntp.ubuntu.com.
+ debian/control: Add bison to Build-Depends (for ntpd/ntp_parser.y).
+ Extend PPS support
  - debian/README.Debian: Add a PPS section to the README.Debian
  - debian/ntp.conf: Add some configuration examples from the offical
documentation.
+ SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050)
  - debian/ntp.cron.daily: fix security issues, patch thanks to halfdog!
  - CVE-2016-0727
+ Merge also contains an upstream fix that solves (LP: #1567540)
  * Added changes
+ match Ubuntu packages now that Debian has ntp apparmor accepted in
  d/control for Apparmor conflicts/replaces
+ d/apparmor-profile add samba winbindd pipe (LP: #1582767)
  * Drop Changes:
+ Add enforcing AppArmor profile (accepted in Debian):
  - debian/control: Add Conflicts/Replaces on apparmor-profiles.
  - debian/control: Add Suggests on apparmor.
  - debian/control: Build-Depends on dh-apparmor.
  - add debian/apparmor-profile*.
  - debian/ntp.dirs: Add apparmor directories.
  - debian/rules: Install apparmor-profile and apparmor-profile.tunable.
  - debian/source_ntp.py: Add filter on AppArmor profile names to prevent
false positives from denials originating in other packages.
  - debian/README.Debian: Add note on AppArmor.
+ Add PPS support (accepted in Debian)
  - debian/control: Add Build-Depends on pps-tools
+ debian/apparmor-profile: allow 'rw' access to /dev/pps[0-9]* devices.
+ d/p/fix_local_sync.patch: fix local clock sync (fixed upstream)
+ debian/patches/ntpdate-fix-lp1526264.patch (fixed upstream):
  - Add Alfonso Sanchez-Beato's patch for fixing the cannot correct dates in
the future bug
+ debian/apparmor-profile: adjust to handle AF_UNSPEC with dgram and stream
+ dropping previous ubuntu security patches/fixes that have been upstreamed
  in 4.2.8p6: CVE-2015-7973, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977,
  CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8158
+ dropping previous ubuntu security patches/fixes that have been upstreamed
  in 4.2.8p7: CVE-2016-1548, CVE-2016-1550, CVE-2016-2516, CVE-2016-2518,
  CVE-2015-7974, CVE-2016-1547

  [ Robie Basak ]
  * Restore AppArmor entries in debian/ntp.dirs.

ntp (1:4.2.8p8+dfsg-1) unstable; urgency=high

  * New usptream version
- Fixes security issues

ntp (1:4.2.8p7+dfsg-4) unstable; urgency=high

  * Update apparmor-profiles-extra again now we now in which version they
removed it.
  * Call dh_apparmor.  Add build-depends on dh-apparmor.  (Closes: #824767)

ntp (1:4.2.8p7+dfsg-3) unstable; urgency=medium

  [ Hideki Yamane ]
  * Properly enable Apparmor profile from Ubuntu (Closes: #823024)
Patch from Hideki Yamane 
  * Update replace/breaks versions of apparmor-profiles-extra
(Closes: #805183)

ntp (1:4.2.8p7+dfsg-2) unstable; urgency=medium

  * Only build-depend on pps-tools on Linux

ntp (1:4.2.8p7+dfsg-1) unstable; urgency=medium

  * New upstream version
This might fix a few CVEs.
  * Drop CVE-2015-5300.patch and CVE-2015-7704.patch now claimed to
be fixed upstream.
  * Remove Bdale from uploaders (Closes: #804377)
  * Remove section about patching the kernel for PPS support, it's already
included in the kernel (Closes: #811171)
  * Pass --build and --host to configure. (Closes: #315935)
Patch from Helmut Grohne 
  * Missing Build-Depends libopts25-dev (which is not implicit in autogen,
because autogen is M-A:foreign).
Patch from Helmut Grohne 
  * Fix ntp.dhcp to also check for pool and better handle spaces and tabs.
(Closes: #809344, #806676)
  * Change watch file to use https (Closes: #793926)
  * Hook into NetworkManager to update ntp servers from dhcp. (Closes:
#778415).  Patch from Helmut Grohne 
  * Build Depend on pps-tools (Closes: #691672)
  * Don't run ntpdate when method is

[Group.of.nepali.translators] [Bug 1582767] Re: apparmor permissions missing for winbind

2016-07-28 Thread Robie Basak

** Also affects: ntp (Ubuntu Xenial)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1582767

Title:
  apparmor permissions missing for winbind

Status in ntp package in Ubuntu:
  Triaged
Status in ntp source package in Xenial:
  New

Bug description:
  When using Winbind, ntpd needs to access the Winbind pipe:

  May 17 16:23:15 bo kernel: [   27.598551] type=1400
  audit(1463494995.048:18): apparmor="DENIED" operation="connect"
  profile="/usr/sbin/ntpd" name="/run/samba/winbindd/pipe" pid=1517
  comm="ntpd" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0

  Would there be any reason not to allow this ? I added the following
  line to /etc/apparmor/init/network-interface-security/usr.sbin.ntpd:

  /run/samba/winbindd/pipe rw,

  Thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1582767/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1582767] Re: apparmor permissions missing for winbind

[Group.of.nepali.translators] [Bug 1582767] Re: apparmor permissions missing for winbind

[Group.of.nepali.translators] [Bug 1582767] Re: apparmor permissions missing for winbind

[Group.of.nepali.translators] [Bug 1582767] Re: apparmor permissions missing for winbind

[Group.of.nepali.translators] [Bug 1582767] Re: apparmor permissions missing for winbind

5 matches

Site Navigation

Mail list logo

Footer information