On Tue, Nov 27, 2018 at 01:22:10AM -0000, Robert Dinse wrote:
> I have since upgraded to 18.10 and I don't even see an apparmor profile 
> for ntp anymore.

That's curious. This is in the source package:

# vim:syntax=apparmor
#include <tunables/global>

/usr/sbin/ntpd flags=(attach_disconnected) {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  # conf
  /etc/openntpd/ntpd.conf r,

  # capabilities
  capability kill,
  capability sys_chroot,
  capability setgid,
  capability setuid,
  capability sys_time,
  capability sys_nice,

  /usr/sbin/ntpd mrix,
  /var/lib/openntpd/db/ntpd.drift rw,
  /var/lib/openntpd/run/ntpd.sock rw,

}

It looks like half the change has already been integrated, but not the
systemd-journald socket.

> -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
>   Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
>     Knowledgeable human assistance, not telephone trees or script readers.
>   See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.

Ah this takes me back. :) I learned a huge amount on irc.eskimo.com back
in the day. Belated by two decades, thanks!

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1727202

Title:
  [17.10 regression] AppArmor ntp denial: Failed name lookup -
  disconnected path

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1727202/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to