ntp apparmor profile problem

Bug #1733070 reported by Paul M on 2017-11-18
This bug affects 5 people
Affects: apparmor (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

The apparmor logs show a couple of problems:

Nov 18 13:07:45 carol kernel: [107615.254389] audit: type=1400 audit(1511010465.396:304): apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/ntpd" name="run/systemd/journal/dev-log" pid=16818 comm="ntpd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0

and

Nov 18 13:07:45 carol kernel: [107615.253441] audit: type=1400 audit(1511010465.395:300): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/usr/local/bin/" pid=16815 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

I fixed these by amending /etc/apparmor.d/usr.sbin.ntpd...

change the opening to this:
  /usr/sbin/ntpd flags=(attach_disconnected) {

add these:
  # syslog
  /run/systemd/journal/dev-log w,

  # not sure why it needs this
  /usr/local/bin/ r,
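
The triage done by hand in the description above can be scripted. This is an added example, not part of the original report or of any AppArmor tooling; `parse_denials` and `review_hints` are hypothetical names. It parses the two quoted audit lines, groups them by profile, flags the "disconnected path" case that calls for `flags=(attach_disconnected)`, and lists candidate rules for a reviewer to accept or reject.

```python
import re
from collections import defaultdict

# The two denials quoted in the report, embedded so the example runs offline.
SAMPLE_LOG = '''
Nov 18 13:07:45 carol kernel: [107615.254389] audit: type=1400 audit(1511010465.396:304): apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/ntpd" name="run/systemd/journal/dev-log" pid=16818 comm="ntpd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
Nov 18 13:07:45 carol kernel: [107615.253441] audit: type=1400 audit(1511010465.395:300): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/usr/local/bin/" pid=16815 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
'''

# key=value pairs; values are either "quoted" or bare tokens (e.g. error=-13).
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denials(text):
    """Return one dict of fields per apparmor="DENIED" audit line."""
    events = []
    for line in text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        events.append({k: (q or u) for k, q, u in FIELD_RE.findall(line)})
    return events

def review_hints(events):
    """Group file denials by profile into candidate rules for human review."""
    hints = defaultdict(lambda: {"rules": set(), "disconnected": False})
    for ev in events:
        if "profile" not in ev or "name" not in ev:
            continue  # e.g. capability denials carry no path
        hint = hints[ev["profile"]]
        name = ev["name"]
        if "disconnected path" in ev.get("info", ""):
            # The kernel logs the path without its leading "/" in this case;
            # a path rule only applies once the profile attaches such paths.
            hint["disconnected"] = True
            name = "/" + name.lstrip("/")
        hint["rules"].add(f"{name} {ev['denied_mask']},")
    return {p: {"rules": sorted(h["rules"]), "disconnected": h["disconnected"]}
            for p, h in hints.items()}

if __name__ == "__main__":
    for profile, hint in review_hints(parse_denials(SAMPLE_LOG)).items():
        flag = " flags=(attach_disconnected)" if hint["disconnected"] else ""
        print(f"{profile}{flag} {{")
        for rule in hint["rules"]:
            print(f"  {rule}")
        print("}")
```

The output is a list of candidates only; each rule widens what the confined process may touch, so it should be justified before it goes into the profile.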

Paul M (speculatrix) wrote :

This exists in 17.10 Xubuntu.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1733070

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Paul M (speculatrix) wrote :

I quoted specific examples from the apparmor logs, was that not enough?

Paul M (speculatrix) wrote :

I will try collecting the log again. It's easy enough to undo the fix.

Paul M (speculatrix) wrote :

Ok, the log hadn't been rotated/lost, so I simply filtered out the ntp events from syslog

Paul M (speculatrix) on 2017-11-19
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
affects: linux (Ubuntu) → apparmor (Ubuntu)
Changed in apparmor (Ubuntu):
status: Confirmed → New
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apparmor (Ubuntu):
status: New → Confirmed
Gordon Lack (gordon-lack) wrote :

It's not new. This has been reported before.
See:
   https://bugs.launchpad.net/mos/+bug/1475019

Gordon Lack (gordon-lack) wrote :

Oh, and there is also:
   https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1727202
with a proposed fix from a few days ago, at least for some of this.

Paul M (speculatrix) wrote :

Apologies if I accidentally created a duplicate, I did search for an issue!

This one should be amended to put "ntp" or "ntpd" in the title:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1727202

I guess I didn't find this, perhaps because when I searched I didn't try the Mirantis/Openstack product, just bugs in the OS or main distribution:
https://bugs.launchpad.net/mos/+bug/1475019

I think this bug and the 1475019 one could be marked as dupes of 1727202
