Public bug reported:

PRETTY_NAME="Ubuntu quantal (12.10)"
VERSION="12.10, Quantal Quetzal"

Package: ntp
Priority: optional
Section: net
Installed-Size: 1384
Origin: Ubuntu
Maintainer: Ubuntu Developers <[email protected]>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Architecture: i386
Version: 1:4.2.6.p3+dfsg-1ubuntu5

In the system auth log files and dmesg the following apparmor messages are seen --

type=1400 audit(1375004313.012:40): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/ntpd" name="/run/samba/gencache.tdb" pid=2540 comm="ntpd" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0
type=1400 audit(1375004313.016:41): apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/ntpd" pid=2540 comm="ntpd" pid=2540 comm="ntpd" capability=36 capname="block_suspend"
type=1400 audit(1375004322.652:42): apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/ntpd" pid=2540 comm="ntpd" pid=2540 comm="ntpd" capability=36 capname="block_suspend"

Does ntpd really need WRITE privileges on /run/samba/gencache.tdb? Should not READ be sufficient?
Also why does ntpd need block_suspend capability?

At a minimum read access to the gencache should be enabled for ntp in its profile, and probably read+write in the samba profile which is also missing for usr.sbin.smbd in the samba 2:3.6.6-3ubuntu5 package.

** Affects: ntp (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1205875

Title:
  apparmor.d profile for usr.sbin.ntpd -- access to samba gencache and capability block_suspend
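
A way to triage the denials quoted in the report, as an added example that is not part of the original bug report or of the ntp or AppArmor packages: it parses the three audit records, groups the DENIED events by profile, operation and target, and spells out the denied access mask. The function names and the mask-letter table are this example's own.

```python
import re
from collections import Counter

# The three audit records quoted in the report above.
SAMPLE = '''\
type=1400 audit(1375004313.012:40): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/ntpd" name="/run/samba/gencache.tdb" pid=2540 comm="ntpd" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0
type=1400 audit(1375004313.016:41): apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/ntpd" pid=2540 comm="ntpd" pid=2540 comm="ntpd" capability=36 capname="block_suspend"
type=1400 audit(1375004322.652:42): apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/ntpd" pid=2540 comm="ntpd" pid=2540 comm="ntpd" capability=36 capname="block_suspend"
'''

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')        # key=value or key="value"
STAMP = re.compile(r'audit\((\d+\.\d+):(\d+)\)')  # epoch seconds and serial
# Letters used in requested_mask/denied_mask of AppArmor log records.
MASK = {"r": "read", "w": "write", "a": "append", "c": "create", "d": "delete",
        "x": "execute", "m": "mmap-exec", "k": "lock", "l": "link"}

def parse_record(line):
    """Return the fields of one AppArmor audit record as a dict, or None."""
    fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
    if fields.get("type") != "1400" or "apparmor" not in fields:
        return None
    m = STAMP.search(line)
    if m:
        fields["epoch"], fields["serial"] = float(m.group(1)), int(m.group(2))
    return fields

def summarize_denials(text):
    """Count DENIED events per (profile, operation, target, access)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_record(line)
        if not rec or rec["apparmor"] != "DENIED":
            continue
        if rec.get("operation") == "capable":
            # Capability checks carry capname instead of a path and mask.
            target, access = "capability " + rec.get("capname", "?"), "-"
        else:
            target = rec.get("name", "?")
            access = "+".join(MASK.get(c, c) for c in rec.get("denied_mask", ""))
        counts[(rec.get("profile", "?"), rec.get("operation", "?"), target, access)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize_denials(SAMPLE).items():
        print(n, *key)
```

The grouped output makes the two questions in the report concrete: one write+create denial on the gencache file and a repeated block_suspend capability denial, all under the /usr/sbin/ntpd profile.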
