apparmor.d profile for usr.sbin.ntpd -- access to samba gencache and capability block_suspend
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ntp (Ubuntu) |
Expired
|
Low
|
Unassigned |
Bug Description
PRETTY_NAME="Ubuntu quantal (12.10)"
VERSION="12.10, Quantal Quetzal"
Package: ntp
Priority: optional
Section: net
Installed-Size: 1384
Origin: Ubuntu
Maintainer: Ubuntu Developers <email address hidden>
Bugs: https:/
Architecture: i386
Version: 1:4.2.6.
In the system auth log files and dmesg the following apparmor messages are seen --
type=1400 audit(137500431
type=1400 audit(137500431
type=1400 audit(137500432
Does ntpd really need WRITE privileges on /run/samba/
Also why does ntpd need block_suspend capability?
At a minimum read access to the gencache should be enabled for ntp in its profile, and probably read+write in the samba profile which is also missing for usr.sbin.smbd in the samba 2:3.6.6-3ubuntu5 package.
Changed in ntp (Ubuntu): | |
importance: | Undecided → Low |
status: | Expired → New |
Thanks for reporting this bug.
Can you show your ntp configuration?