The verification of the Stable Release Update for ntp has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1741227 Title: apparmor denial to several paths to binaries Status in ntp package in Ubuntu: Fix Released Status in ntp source package in Artful: Fix Released Bug description: [Impact] * Apparmor denies access to bin directories which the option parsing code of ntp touches. [Test Case] 1. get a container of target release 2. install ntp apt install ntp 3. watch dmesg on container-host dmesg -w 4. restart ntp in container systemctl restart ntp => see (or no more after fix) apparmor denie: apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/usr/local/sbin/" pid=23933 comm="ntpd" requested_mask="r" denied_mask="r" apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/usr/local/bin/" pid=23933 comm="ntpd" requested_mask="r" denied_mask="r" [Regression Potential] * we are only slightly opening up the apparmor profile, but none of the changes poses a security risk so regression potential on it's own should be close to zero. * we discussed if this would be a security risk but came to the conclusion that r-only should be ok (the same content anyone can grab from the archive by installing the packages) [Other Info] * n/a Issue shows up (non fatal) as: apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/usr/local/sbin/" pid=23933 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/usr/local/bin/" pid=23933 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Since non crit this is mostyl about many of us being curious why it actually does do it :-) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1741227/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
