@knz, can you verify this still exists on your system and if so:
* Provide the version of ntp and apparmor you are using
* Command or what you do to get the error to show up
I was unable to reproduce on both xenial and yakkety. The versions I had
available to me are below and the only DENIED messages from
/var/log/kern.log are below in each instance when I ran 'sudo ntpd'
yakkety
---
powersj@ubuntu:/var/log$ dpkg -l | grep ntp
ii ntp 1:4.2.8p8+dfsg-1ubuntu1
amd64 Network Time Protocol daemon and utility programs
powersj@ubuntu:/var/log$ dpkg -l | grep apparmor
ii apparmor 2.10.95-4ubuntu4
amd64 user-space parser utility for AppArmor
Sep 7 17:44:17 ubuntu kernel: [ 138.147239] audit: type=1400
audit(1473284657.365:17): apparmor="DENIED" operation="open"
profile="/usr/sbin/ntpd" name="/usr/local/sbin/" pid=2179 comm="ntpd"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep 7 17:44:17 ubuntu kernel: [ 138.147316] audit: type=1400
audit(1473284657.365:18): apparmor="DENIED" operation="open"
profile="/usr/sbin/ntpd" name="/usr/local/bin/" pid=2179 comm="ntpd"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
xenial
---
ubuntu@xenial:~$ dpkg -l | grep ntp
ii ntp 1:4.2.8p4+dfsg-3ubuntu5.1 amd64
Network Time Protocol daemon and utility programs
ubuntu@xenial:~$ dpkg -l | grep apparmor
ii apparmor 2.10.95-0ubuntu2.2 amd64
user-space parser utility for AppA
Sep 7 22:04:18 ubuntu kernel: [ 60.182587] audit: type=1400
audit(1473285858.665:15): apparmor="DENIED" operation="open"
profile="/usr/sbin/ntpd" name="/usr/local/sbin/" pid=3265 comm="ntpd"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep 7 22:04:18 ubuntu kernel: [ 60.182675] audit: type=1400
audit(1473285858.665:16): apparmor="DENIED" operation="open"
profile="/usr/sbin/ntpd" name="/usr/local/bin/" pid=3265 comm="ntpd"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
** Changed in: ntp (Ubuntu)
Status: Confirmed => Incomplete
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1598759
Title:
incomplete apparmor definition for ntpd
Status in apparmor package in Ubuntu:
Incomplete
Status in ntp package in Ubuntu:
Incomplete
Bug description:
On this plain install of Xenial apparmor complains about ntpd:
[ 19.379152] audit: type=1400 audit(1467623330.386:27): apparmor="DENIED"
operation="connect" profile="/usr/sbin/ntpd" name="/run/dbus/system_bus_socket"
pid=4513 comm="ntpd" requested_mask="wr" denied_mask="wr" fsuid=121 ouid=0
[ 20.379299] audit: type=1400 audit(1467623331.386:28): apparmor="DENIED"
operation="connect" profile="/usr/sbin/ntpd" name="/run/dbus/system_bus_socket"
pid=4513 comm="ntpd" requested_mask="wr" denied_mask="wr" fsuid=121 ouid=0
[ 22.426246] audit: type=1400 audit(1467623333.434:29): apparmor="DENIED"
operation="connect" profile="/usr/sbin/ntpd" name="/run/dbus/system_bus_socket"
pid=4513 comm="ntpd" requested_mask="wr" denied_mask="wr" fsuid=121 ouid=0
[ 22.771326] audit: type=1400 audit(1467623333.782:30): apparmor="DENIED"
operation="connect" profile="/usr/sbin/ntpd" name="/run/dbus/system_bus_socket"
pid=4513 comm="ntpd" requested_mask="wr" denied_mask="wr" fsuid=121 ouid=0
[ 23.568548] audit: type=1400 audit(1467623334.574:31): apparmor="DENIED"
operation="connect" profile="/usr/sbin/ntpd" name="/run/dbus/system_bus_socket"
pid=4513 comm="ntpd" requested_mask="wr" denied_mask="wr" fsuid=121 ouid=0
Adding the following line to /etc/apparmor.d/usr.sbin.ntpd fixes the
problem:
#include <abstractions/dbus-strict>
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1598759/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
