Package: chrony
Severity: important

Hello, after a few messages on the Samba list we discovered a wrong path in the
AppArmor profiles of chrony.

File: /etc/apparmor.d/usr.sbin.chrony
Wrong:
  # samba4 ntp signing socket
  /{,var/}run/samba/ntp_signd/socket rw,

Correct:
  # To sign replies to MS-SNTP clients by the smbd daemon in /var/lib/samba
  /var/lib/samba/ntp_signd r,
  /var/lib/samba/ntp_signd/{,*} rw,

  # samba4 winbindd pipe
  /{,var/}run/samba/winbindd r,
  /{,var/}run/samba/winbindd/pipe r,

  # samba4 winbindd_privileged pipe ? Needed, not sure here.
  /var/lib/samba/winbindd_privileged r,
  /var/lib/samba/winbindd/pipe r,


Please verify the last one, I'm not a coder, sorry.
Now, the above changes are important to have before the buster release,
because it could stop the time sync of domain-joined PCs.


Best regards,

Louis



-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages chrony depends on:
ii  adduser              3.115
ii  init-system-helpers  1.48
ii  iproute2             4.9.0-1+deb9u1
ii  libc6                2.24-11+deb9u4
ii  libcap2              1:2.25-1
ii  libedit2             3.1-20160903-3
ii  libseccomp2          2.3.1-2.1+deb9u1
pn  libtomcrypt0         <none>
ii  lsb-base             9.20161125
ii  ucf                  3.0036
ii  util-linux           2.29.2-1+deb9u1

chrony recommends no packages.

chrony suggests no packages.
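
An added example, not part of the original report and not code from chrony, Samba or AppArmor: a simplified Python matcher for AppArmor path globs that evaluates the shipped rule and the proposed ntp_signd rules quoted in the report against the socket path. The socket file name `socket` under `/var/lib/samba/ntp_signd` is an assumption combined from the two rule sets, and all function names are illustrative.

```python
import re

# Rules copied from the report; all other profile lines are omitted.
SHIPPED = "/{,var/}run/samba/ntp_signd/socket rw,"
PROPOSED = """
  /var/lib/samba/ntp_signd r,
  /var/lib/samba/ntp_signd/{,*} rw,
"""
# Assumed socket location: directory from the proposed rule plus the
# file name "socket" from the shipped rule.
SOCKET = "/var/lib/samba/ntp_signd/socket"
SIMPLE = {"*": "[^/]*", "?": "[^/]"}   # both stay within one path component

def glob_to_regex(glob):
    """Simplified AppArmor glob: {a,b}, *, ** and ? only (no [] classes)."""
    out, i, depth = [], 0, 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):
            out.append(".*")           # ** may cross '/'
            i += 1                     # consume the second '*'
        elif c in SIMPLE:
            out.append(SIMPLE[c])
        elif c == "{":
            out.append("(?:")
            depth += 1
        elif c == "}" and depth:
            out.append(")")
            depth -= 1
        elif c == "," and depth:
            out.append("|")            # comma separates alternatives in {}
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out))

def parse_rules(text):
    """Return (regex, permission set) for each file rule; skip comments."""
    lines = (l.strip().rstrip(",") for l in text.splitlines())
    pairs = (l.rsplit(None, 1) for l in lines if l.startswith("/"))
    return [(glob_to_regex(path), set(perms)) for path, perms in pairs]

def allowed(profile_text, path, wanted):
    """True if the rules matching path together grant every wanted permission."""
    granted = set()
    for rx, perms in parse_rules(profile_text):
        if rx.fullmatch(path):
            granted |= perms
    return set(wanted) <= granted
```

On a running system the authoritative check is the kernel log: a profile that misses the socket path produces `apparmor="DENIED"` entries naming the path that was refused.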
