user [email protected]
usertags #904040 + help-needed
thanks
Dear App Armor Team!
I was reported about a bug on the way an apparmor profile behaves.
It appears to me that this issue might be tightly related to the way
apparmor is compiled on Ubuntu, since all my attempts to find similar
reports get isolated to Ubuntu's reports and bug fixes.
Would you be kind in advice on how to proceed with this? Is this
possible to be hit on Debian installations? If its not, Is it safe to
apply it on Debian without backfiring?
Thanks in advance
Your #1 fan,
\d
On 18/07/18 14:06, Stefano Rivera wrote:
Package: openntpd
Version: 1:6.2p3-1
Severity: normal
Tags: patch
Can't reproduce this in a quick check in Debian, but I can see it on
Ubuntu 18.04 machines, and this patch does the trick.
AppArmor denies openntpd access to syslog:
[1690592.258663] audit: type=1400 audit(1531921190.778:1052): apparmor="DENIED" operation="sendmsg" info="Failed name lookup -
disconnected path" error=-13 profile="/usr/sbin/ntpd" name="run/systemd/journal/dev-log" pid=2708 comm="ntpd"
requested_mask="w" denied_mask="w" fsuid=0 ouid=0
This seems to be a known issue with apparmor + systemd
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1373070
And the workaround is a patch like this (which has already been applied
to ntpd).
SR
--
BOFH excuse #154:
You can tune a file system, but you can't tune a fish (from most tunefs man
pages)
