Andrew, you could try adding:
flags=(attach_disconnected)
to the profile attachment line:
/usr/sbin/ntpd flags=(attach_disconnected) {
And add:
/run/systemd/journal/dev-log w,
to the profile, then run:
apparmor_parser --replace /etc/apparmor.d/usr.sbin.ntpd # or whatever the filename is
See if that lets you get useful logs, any new messages in dmesg or auditd logs, etc.
Thanks
Andrew, you could try adding:
flags=( attach_ disconnected)
to the profile attachment line:
/usr/sbin/ntpd flags=( attach_ disconnected) {
And add:
/run/systemd/ journal/ dev-log w,
to the profile, then run:
apparmor_parser --replace /etc/apparmor. d/usr.sbin. ntpd # or whatever the filename is
See if that lets you get useful logs, any new messages in dmesg or auditd logs, etc.
Thanks