Package: ntp
Version: 1:4.2.8p10+dfsg-3+deb9u2
Severity: important
Hello, after a few messages on the samba list we discovered a wrong path in the
apparmor profiles of ntp.
File : /etc/apparmor.d/usr.sbin.ntpd
Wrong:
# samba4 ntp signing socket
/{,var/}run/samba/ntp_signd/socket rw,
Correct:
# To sign replies to MS-SNTP clients by the smbd daemon in /var/lib/samba
/var/lib/samba/ntp_signd r,
/var/lib/samba/ntp_signd/{,*} rw,
# samba4 winbindd pipe
/{,var/}run/samba/winbindd r,
/{,var/}run/samba/winbindd/pipe r,
# samba4 winbindd_privileged pipe ? Needed, not sure here.
/var/lib/samba/winbindd_privileged r,
/var/lib/samba/winbindd/pipe r,
please verify the last one, im not a coder, sorry.
Now, above changes are important to have before the buster release,
because it could stop the timesync of domain joined pc's.
Best regards,
Louis
-- System Information:
Debian Release: 9.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages ntp depends on:
ii adduser 3.115
ii dpkg 1.18.25
ii libc6 2.24-11+deb9u4
ii libcap2 1:2.25-1
ii libedit2 3.1-20160903-3
ii libopts25 1:5.18.12-3
ii libssl1.1 1.1.0j-1~deb9u1
ii lsb-base 9.20161125
ii netbase 5.4
Versions of packages ntp recommends:
ii perl 5.24.1-3+deb9u5
Versions of packages ntp suggests:
pn ntp-doc <none>
-- Configuration Files:
/etc/ntp.conf changed [not included]
-- no debconf information
