Hello ChristianEhrhardt, or anyone else affected,

Accepted ntp into artful-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-
5ubuntu3.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-artful to verification-done-artful. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-artful. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: ntp (Ubuntu Artful)
       Status: In Progress => Fix Committed

** Tags added: verification-needed verification-needed-artful

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1741227

Title:
  apparmor denial to several paths to binaries

Status in ntp package in Ubuntu:
  Fix Released
Status in ntp source package in Artful:
  Fix Committed

Bug description:
  [Impact]

   * Apparmor denies access to bin directories which the option parsing code 
     of ntp touches.

  [Test Case]

   1. get a container of target release
   2. install ntp
      apt install ntp
   3. watch dmesg on container-host
      dmesg -w
   4. restart ntp in container
      systemctl restart ntp
   => see (or no more after fix) apparmor denie:
   apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" 
name="/usr/local/sbin/" pid=23933 comm="ntpd" requested_mask="r" denied_mask="r"
   apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" 
name="/usr/local/bin/" pid=23933 comm="ntpd" requested_mask="r" denied_mask="r"

  [Regression Potential]

   * we are only slightly opening up the apparmor profile, but none of the
     changes poses a security risk so regression potential on it's own
     should be close to zero.

   * we discussed if this would be a security risk but came to the 
     conclusion that r-only should be ok (the same content anyone can grab 
     from the archive by installing the packages)

  [Other Info]

   * n/a

  Issue shows up (non fatal) as:
   apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" 
name="/usr/local/sbin/" pid=23933 comm="ntpd" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
   apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" 
name="/usr/local/bin/" pid=23933 comm="ntpd" requested_mask="r" denied_mask="r" 
fsuid=0 ouid=0

  Since non crit this is mostyl about many of us being curious why it
  actually does do it :-)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1741227/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to