Comment 36 for bug 1727202

Seth Arnold (seth-arnold) wrote : Re: [Bug 1727202] Re: [17.10 regression] AppArmor ntp denial: Failed name lookup - disconnected path

On Tue, Nov 27, 2018 at 01:22:10AM -0000, Robert Dinse wrote:
> I have since upgraded to 18.10 and I don't even see an apparmor profile
> for ntp anymore.

That's curious. This is in the source package:

# vim:syntax=apparmor
#include <tunables/global>

/usr/sbin/ntpd flags=(attach_disconnected) {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  # conf
  /etc/openntpd/ntpd.conf r,

  # capabilities
  capability kill,
  capability sys_chroot,
  capability setgid,
  capability setuid,
  capability sys_time,
  capability sys_nice,

  /usr/sbin/ntpd mrix,
  /var/lib/openntpd/db/ntpd.drift rw,
  /var/lib/openntpd/run/ntpd.sock rw,

}

It looks like half the change has already been integrated, but not the
systemd-journald socket.

> -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
> Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
> Knowledgeable human assistance, not telephone trees or script readers.
> See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.

Ah this takes me back. :) I learned a huge amount on irc.eskimo.com back
in the day. Belated by two decades, thanks!

Thanks