[Touch-packages] [Bug 1205875] Re: apparmor.d profile for usr.sbin.ntpd -- access to samba gencache and capability block_suspend

ChristianEhrhardt Fri, 29 Apr 2016 07:57:49 -0700

Sorry - I know it's a long time, but I'm cleaning up old NTP bugs atm.

It sounds as it is of low priority (according to the reports it works other 
than annoying messages).
Also a long time has passed and we haven't seen any similar bug or people 
chiming in here.


Since things surely have changed a lot all around in all the time I'd
set the bug incomplete to check if it is still reproducible and also "if
anybody still cares". The effort to recreate if nobody cares is too high
to "just do it".

That said, setting invalid - please reset to new if this still bothers
your system son one can take a second look at it.

** Changed in: ntp (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1205875

Title:
  apparmor.d profile for usr.sbin.ntpd -- access to samba gencache and
  capability block_suspend

Status in ntp package in Ubuntu:
  Incomplete

Bug description:
  PRETTY_NAME="Ubuntu quantal (12.10)"
  VERSION="12.10, Quantal Quetzal"

  Package: ntp
  Priority: optional
  Section: net
  Installed-Size: 1384
  Origin: Ubuntu
  Maintainer: Ubuntu Developers <[email protected]>
  Bugs: https://bugs.launchpad.net/ubuntu/+filebug
  Architecture: i386
  Version: 1:4.2.6.p3+dfsg-1ubuntu5

  In the system auth log files and dmesg the following apparmor messages
  are seen --

  type=1400 audit(1375004313.012:40): apparmor="DENIED" operation="open"
  parent=1 profile="/usr/sbin/ntpd" name="/run/samba/gencache.tdb"
  pid=2540 comm="ntpd" requested_mask="wc" denied_mask="wc" fsuid=0
  ouid=0

  type=1400 audit(1375004313.016:41): apparmor="DENIED"
  operation="capable" parent=1 profile="/usr/sbin/ntpd" pid=2540
  comm="ntpd" pid=2540 comm="ntpd" capability=36
  capname="block_suspend"

  type=1400 audit(1375004322.652:42): apparmor="DENIED"
  operation="capable" parent=1 profile="/usr/sbin/ntpd" pid=2540
  comm="ntpd" pid=2540 comm="ntpd" capability=36
  capname="block_suspend"

  
  Does ntpd really need WRITE privileges on /run/samba/gencache.tdb ?   Should 
not READ be sufficient?

  Also why does ntpd need block_suspend capability?

  At a minimum read access to the gencache should be enabled for ntp in
  its profile, and probably read+write in the samba profile which is
  also missing  for usr.sbin.smbd in the samba  2:3.6.6-3ubuntu5
  package.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1205875/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1205875] Re: apparmor.d profile for usr.sbin.ntpd -- access to samba gencache and capability block_suspend

Reply via email to