ntp apparmor profile problem

Bug #1733070 reported by Paul M
This bug affects 5 people
Affects | Status | Importance | Assigned to | Milestone
apparmor (Ubuntu) | Confirmed | Undecided | Unassigned |

Bug Description

The AppArmor logs show a couple of problems:

Nov 18 13:07:45 carol kernel: [107615.254389] audit: type=1400 audit(1511010465.396:304): apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/ntpd" name="run/systemd/journal/dev-log" pid=16818 comm="ntpd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0

and

Nov 18 13:07:45 carol kernel: [107615.253441] audit: type=1400 audit(1511010465.395:300): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/usr/local/bin/" pid=16815 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

I fixed these by amending /etc/apparmor.d/usr.sbin.ntpd...

change the opening to this:
  /usr/sbin/ntpd flags=(attach_disconnected) {

add these:
  # syslog
  /run/systemd/journal/dev-log w,

  # not sure why it needs this
  /usr/local/bin/ r,
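
The triage step behind the fix above, as an added example that is not part of the original report or of the ntp/AppArmor packages: it parses AppArmor `DENIED` audit records, flags disconnected-path denials, and lists candidate rules per profile for review. The function names and the output layout are assumptions made for this illustration; the sample input is the two log lines quoted in the report.

```python
import re
from collections import defaultdict

# Constructed sample input: the two denials quoted in the report above.
SAMPLE = [
    'Nov 18 13:07:45 carol kernel: [107615.254389] audit: type=1400 audit(1511010465.396:304): apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/ntpd" name="run/systemd/journal/dev-log" pid=16818 comm="ntpd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0',
    'Nov 18 13:07:45 carol kernel: [107615.253441] audit: type=1400 audit(1511010465.395:300): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/usr/local/bin/" pid=16815 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
]

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    # Unquoted values are kept as-is (hex-encoded names are not decoded here).
    return {k: quoted or bare for k, quoted, bare in KV.findall(line)}

def summarize(lines):
    """Group denials per profile: candidate rules plus a disconnected-path flag."""
    out = defaultdict(lambda: {"rules": set(), "disconnected": False})
    for line in lines:
        rec = parse_denial(line)
        if not rec or "name" not in rec or "profile" not in rec:
            continue
        entry = out[rec["profile"]]
        name = rec["name"]
        if "disconnected path" in rec.get("info", ""):
            # The record logs the name without a leading "/"; the report's fix pairs
            # attach_disconnected with an absolute-path rule, so normalise to that.
            entry["disconnected"] = True
            name = "/" + name.lstrip("/")
        entry["rules"].add(f'{name} {rec.get("denied_mask", "")},')
    return dict(out)

def render(summary):
    """Format the summary as profile snippets for human review (not a full profile)."""
    lines = []
    for profile, entry in sorted(summary.items()):
        flags = " flags=(attach_disconnected)" if entry["disconnected"] else ""
        lines.append(f"{profile}{flags} {{")
        lines.extend(f"  {rule}" for rule in sorted(entry["rules"]))
        lines.append("}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(summarize(SAMPLE)))
```

The output is a list of what was denied, not a recommendation: each rule still needs a decision on whether the daemon should have that access before it goes into the profile.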

Paul M (speculatrix) wrote :

This exists in 17.10 Xubuntu.

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1733070

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Paul M (speculatrix) wrote :

I quoted specific examples from the apparmor logs, was that not enough?

Paul M (speculatrix) wrote :

I will try collecting the log again. It's easy enough to undo the fix.

Paul M (speculatrix) wrote :

OK, the log hadn't been rotated/lost, so I simply filtered out the ntp events from syslog.

Paul M (speculatrix)
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
affects: linux (Ubuntu) → apparmor (Ubuntu)
Changed in apparmor (Ubuntu):
status: Confirmed → New
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apparmor (Ubuntu):
status: New → Confirmed
Gordon Lack (gordon-lack) wrote :

It's not new. This has been reported before.
See:
   https://bugs.launchpad.net/mos/+bug/1475019

Gordon Lack (gordon-lack) wrote :

Oh, and there is also:
   https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1727202
with a proposed fix from a few days ago, at least for some of this.

Paul M (speculatrix) wrote :

Apologies if I accidentally created a duplicate, I did search for an issue!

This one should be amended to put "ntp" or "ntpd" in the title:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1727202

I guess I didn't find this, perhaps because when I searched I didn't try the Mirantis/OpenStack product, just bugs in the OS or main distribution:
https://bugs.launchpad.net/mos/+bug/1475019

I think this bug and the 1475019 one could be marked as dupes of 1727202.
