[Touch-packages] [Bug 1598759] Re: AppArmor nameservice abstraction doesn't allow communication with systemd-resolve

Tue, 11 Oct 2016 15:15:59 -0700 

The correct fix for this issue is in AppArmor's nameservice abstraction.
Marking the ntp task as invalid as there's no change needed for the ntp
package itself.

** Changed in: ntp (Ubuntu)
       Status: Incomplete => Invalid

** Changed in: apparmor (Ubuntu)
     Assignee: (unassigned) => Tyler Hicks (tyhicks)

** Changed in: apparmor (Ubuntu)
       Status: Incomplete => Triaged

** Also affects: apparmor
   Importance: Undecided
       Status: New

** Summary changed:

- AppArmor nameservice abstraction doesn't allow communication with 
systemd-resolve
+ AppArmor nameservice abstraction doesn't allow communication with 
systemd-resolved

** Changed in: apparmor
       Status: New => In Progress

** Changed in: apparmor
   Importance: Undecided => High

** Changed in: apparmor
     Assignee: (unassigned) => Tyler Hicks (tyhicks)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1598759

Title:
  AppArmor nameservice abstraction doesn't allow communication with
  systemd-resolved

Status in AppArmor:
  In Progress
Status in apparmor package in Ubuntu:
  Triaged
Status in ntp package in Ubuntu:
  Invalid

Bug description:
  On this plain install of Xenial apparmor complains about ntpd:

  [   19.379152] audit: type=1400 audit(1467623330.386:27): apparmor="DENIED" 
operation="connect" profile="/usr/sbin/ntpd" name="/run/dbus/system_bus_socket" 
pid=4513 comm="ntpd" requested_mask="wr" denied_mask="wr" fsuid=121 ouid=0
  [   20.379299] audit: type=1400 audit(1467623331.386:28): apparmor="DENIED" 
operation="connect" profile="/usr/sbin/ntpd" name="/run/dbus/system_bus_socket" 
pid=4513 comm="ntpd" requested_mask="wr" denied_mask="wr" fsuid=121 ouid=0
  [   22.426246] audit: type=1400 audit(1467623333.434:29): apparmor="DENIED" 
operation="connect" profile="/usr/sbin/ntpd" name="/run/dbus/system_bus_socket" 
pid=4513 comm="ntpd" requested_mask="wr" denied_mask="wr" fsuid=121 ouid=0
  [   22.771326] audit: type=1400 audit(1467623333.782:30): apparmor="DENIED" 
operation="connect" profile="/usr/sbin/ntpd" name="/run/dbus/system_bus_socket" 
pid=4513 comm="ntpd" requested_mask="wr" denied_mask="wr" fsuid=121 ouid=0
  [   23.568548] audit: type=1400 audit(1467623334.574:31): apparmor="DENIED" 
operation="connect" profile="/usr/sbin/ntpd" name="/run/dbus/system_bus_socket" 
pid=4513 comm="ntpd" requested_mask="wr" denied_mask="wr" fsuid=121 ouid=0

  Adding the following line to /etc/apparmor.d/usr.sbin.ntpd fixes the
  problem:

      #include <abstractions/dbus-strict>

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1598759/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to