[Touch-packages] [Bug 1205875] Re: apparmor.d profile for usr.sbin.ntpd -- access to samba gencache and capability block_suspend

Tue, 28 Jun 2016 21:27:01 -0700 

[Expired for ntp (Ubuntu) because there has been no activity for 60
days.]

** Changed in: ntp (Ubuntu)
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1205875

Title:
  apparmor.d profile for usr.sbin.ntpd -- access to samba gencache and
  capability block_suspend

Status in ntp package in Ubuntu:
  Expired

Bug description:
  PRETTY_NAME="Ubuntu quantal (12.10)"
  VERSION="12.10, Quantal Quetzal"

  Package: ntp
  Priority: optional
  Section: net
  Installed-Size: 1384
  Origin: Ubuntu
  Maintainer: Ubuntu Developers <[email protected]>
  Bugs: https://bugs.launchpad.net/ubuntu/+filebug
  Architecture: i386
  Version: 1:4.2.6.p3+dfsg-1ubuntu5

  In the system auth log files and dmesg the following apparmor messages
  are seen --

  type=1400 audit(1375004313.012:40): apparmor="DENIED" operation="open"
  parent=1 profile="/usr/sbin/ntpd" name="/run/samba/gencache.tdb"
  pid=2540 comm="ntpd" requested_mask="wc" denied_mask="wc" fsuid=0
  ouid=0

  type=1400 audit(1375004313.016:41): apparmor="DENIED"
  operation="capable" parent=1 profile="/usr/sbin/ntpd" pid=2540
  comm="ntpd" pid=2540 comm="ntpd" capability=36
  capname="block_suspend"

  type=1400 audit(1375004322.652:42): apparmor="DENIED"
  operation="capable" parent=1 profile="/usr/sbin/ntpd" pid=2540
  comm="ntpd" pid=2540 comm="ntpd" capability=36
  capname="block_suspend"

  
  Does ntpd really need WRITE privileges on /run/samba/gencache.tdb ?   Should 
not READ be sufficient?

  Also why does ntpd need block_suspend capability?

  At a minimum read access to the gencache should be enabled for ntp in
  its profile, and probably read+write in the samba profile which is
  also missing  for usr.sbin.smbd in the samba  2:3.6.6-3ubuntu5
  package.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1205875/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to