ntpd profile denies access to /etc/ld.so.preload

Bug #559628 reported by Michael Fritscher
This bug affects 1 person
Affects: ntp (Ubuntu)
Status: Won't Fix
Importance: Low
Assigned to: Unassigned
Milestone: (none)

Bug Description

Binary package hint: ntp

loads of [225858.247276] type=1502 audit(1270850063.287:6656): operation="file_mmap" pid=16584 parent=16579 profile="/usr/sbin/ntpd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/etc/ld.so.preload"

Tags: apparmor
Chuck Short (zulcss)
tags: added: apparmor
Mathias Gug (mathiaz) wrote :

Could you provide more information about which version of the package you're running?

Changed in ntp (Ubuntu):
importance: Undecided → Low
status: New → Incomplete
Michael Fritscher (michael-fritscher) wrote :

current from lucid beta: Version: 1:4.2.4p8+dfsg-1ubuntu2

Jamie Strandboge (jdstrand) wrote :

I'll mark this as Triaged, but I'm thinking that the profile is doing its job. From the ld.so man page:

/etc/ld.so.preload: File containing a whitespace separated list of ELF shared libraries to be loaded before the program. libraries and an ordered list of candidate libraries.

IMO, if the administrator wants to use /etc/ld.so.preload, then he/she should update the profile accordingly. This makes sense too because if the administrator updated /etc/ld.so.preload, there is a good chance the profile would have to be updated to allow access to the preload libraries anyway (i.e., simply adding this to the profile doesn't really 'fix' it).

Michael, if you want access to /etc/ld.so.preload (keeping in mind you may need to make other changes), please add to /etc/apparmor.d/usr.sbin.ntpd:
  /etc/ld.so.preload r,

then perform:
$ sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.ntpd

Changed in ntp (Ubuntu):
status: Incomplete → Triaged
summary: - yust another apparmor-message
+ ntpd profile denies access to /etc/ld.so.preload
Chuck Short (zulcss) wrote :

I second this based on Jamie's comments and am marking this as Won't Fix.

Regards
chuck

Changed in ntp (Ubuntu):
status: Triaged → Won't Fix
Jamie Strandboge (jdstrand) wrote :

Michael, alternatively, if you don't want ntpd to access /etc/ld.so.preload but want to silence the message, please add to /etc/apparmor.d/usr.sbin.ntpd:
  deny /etc/ld.so.preload r,

then perform:
$ sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.ntpd

Michael Fritscher (michael-fritscher) wrote :

It seems that many programs seem to want to access this file...
I didn't ever touch this file, it is even empty (it is from 26.7.2009) - if it helps I could even delete this file...

Jamie Strandboge (jdstrand) wrote :

Michael, if you aren't using it, it is fine to delete.
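
Added example, not part of the bug report or of AppArmor's own tooling: a triage script that groups denials like the one reported above by profile and path, then prints the two profile lines suggested in the thread. Only the first sample log line comes from the report; the other lines and the names parse_denials, candidate_rules and report are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: line 1 is the denial quoted in the report, line 2 repeats
# it with made-up timestamps, lines 3-4 are made up to exercise the guards.
SAMPLE_LOG = """\
[225858.247276] type=1502 audit(1270850063.287:6656): operation="file_mmap" pid=16584 parent=16579 profile="/usr/sbin/ntpd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/etc/ld.so.preload"
[225918.301122] type=1502 audit(1270850123.341:6660): operation="file_mmap" pid=16601 parent=16579 profile="/usr/sbin/ntpd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/etc/ld.so.preload"
[225920.500000] type=1502 audit(1270850125.540:6661): operation="open" pid=16610 parent=16579 profile="/usr/sbin/ntpd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/tmp/a b*"
[225921.118000] usb 1-1: new high speed USB device using ehci_hcd and address 4
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted" or key=bare
SAFE_PATH = re.compile(r"/[A-Za-z0-9._/+-]+")      # literal path, no globs or spaces
PERMS = re.compile(r"[rwamlkx]+")


def parse_denials(log_text):
    """Count denials per (profile, path, perms) from lines carrying denied_mask."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = {k: quoted or bare for k, quoted, bare in FIELD.findall(line)}
        if not {"profile", "name", "denied_mask"} <= fields.keys():
            continue
        # The mask in this log is "r::"; keep only the permission letters.
        perms = "".join(sorted(set(fields["denied_mask"]) - {":"}))
        counts[(fields["profile"], fields["name"], perms)] += 1
    return counts


def candidate_rules(path, perms):
    """Return the (allow, deny) profile lines discussed in the thread."""
    # File names in logs are untrusted input: refuse anything AppArmor would
    # read as a glob or that needs quoting, rather than widening the rule.
    if not SAFE_PATH.fullmatch(path) or not PERMS.fullmatch(perms):
        raise ValueError(f"review by hand: {path!r} {perms!r}")
    return f"  {path} {perms},", f"  deny {path} {perms},"


def report(log_text):
    """One summary line per distinct denial, most frequent first."""
    lines = []
    for (profile, path, perms), n in parse_denials(log_text).most_common():
        try:
            allow, deny = candidate_rules(path, perms)
            lines.append(f"{n}x {profile}: allow '{allow.strip()}' or silence '{deny.strip()}'")
        except ValueError as exc:
            lines.append(f"{n}x {profile}: {exc}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Whichever line is chosen still has to be added to /etc/apparmor.d/usr.sbin.ntpd by hand and reloaded with the apparmor_parser -r command given in the thread.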
