Bug 361548 - adaption of the AppArmor profile for ntpd
Summary: adaption of the AppArmor profile for ntpd
Status: RESOLVED FIXED
Alias: None
Product: openSUSE 11.0
Classification: openSUSE
Component: AppArmor (show other bugs)
Version: Alpha 2
Hardware: i686 openSUSE 11.0
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: Peter Varkoly
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on: 365515
Blocks:
  Show dependency treegraph
 
Reported: 2008-02-13 16:52 UTC by Kai Ponte
Modified: 2008-05-05 21:06 UTC (History)
3 users (show)

See Also:
Found By: Customer
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Kai Ponte 2008-02-13 16:52:55 UTC 
Trying to launch ntpd I get the following message:

bigbottom:/home/perfectreign # /etc/init.d/ntp start
 Starting network time protocol daemon (NTPD)***Permission denied
 ***Permission denied
 ***Permission denied
 ***Permission denied
 ***Permission denied

AppArmor has the following log information:

bigbottom:/home/perfectreign # tail /var/log/messages
Feb 11 13:55:16 bigbottom ntpd[1937]: process_private: failed auth 1 
info_auth_keyid 0 pkt keyid 1
Feb 11 13:55:16 bigbottom /etc/init.d/ntp: runtime configuration:
Feb 11 13:55:17 bigbottom ntpd[1937]: process_private: failed auth 1 
info_auth_keyid 0 pkt keyid 1
Feb 11 13:55:17 bigbottom /etc/init.d/ntp: runtime configuration:
Feb 11 13:55:17 bigbottom ntpd[1937]: process_private: failed auth 1 
info_auth_keyid 0 pkt keyid 1
Feb 11 13:55:17 bigbottom /etc/init.d/ntp: runtime configuration:
Feb 11 13:55:17 bigbottom ntpd[1937]: process_private: failed auth 1 
info_auth_keyid 0 pkt keyid 1
Feb 11 13:55:17 bigbottom /etc/init.d/ntp: runtime configuration:
Feb 11 13:55:17 bigbottom ntpd[1937]: process_private: failed auth 1 
info_auth_keyid 0 pkt keyid 1
Feb 11 13:55:17 bigbottom /etc/init.d/ntp: runtime configuration:




bigbottom:/var/log/audit # tail ./audit.log
type=DAEMON_START msg=audit(1202746845.102:437): auditd start, ver=1.6.2, 
format=raw, auid=4294967295 pid=1852 res=success, auditd pid=1852
type=CONFIG_CHANGE msg=audit(1202746845.202:3): audit_enabled=0 old=0 by 
auid=4294967295 res=1
type=CONFIG_CHANGE msg=audit(1202746845.211:4): audit_backlog_limit=320 old=64 
by auid=4294967295 res=1
type=DAEMON_START msg=audit(1202747214.590:926): auditd start, ver=1.6.2, 
format=raw, auid=4294967295 pid=1706 res=success, auditd pid=1706
type=CONFIG_CHANGE msg=audit(1202747214.676:4): audit_enabled=0 old=0 by 
auid=4294967295 res=1
type=APPARMOR_DENIED msg=audit(1202764431.476:5):  type=1503 
operation="inode_permission" requested_mask="r" denied_mask="r" 
name="/etc/ntp.conf.tmp" pid=7169 profile="/usr/sbin/ntpd"
type=APPARMOR_DENIED msg=audit(1202764837.773:6):  type=1503 
operation="inode_permission" requested_mask="r" denied_mask="r" 
name="/etc/ntp.conf.tmp" pid=7573 profile="/usr/sbin/ntpd"
type=DAEMON_END msg=audit(1202766140.946:927): auditd normal halt, sending 
auid=0 pid=9557 subj= res=success, auditd pid=1706
type=DAEMON_START msg=audit(1202766204.315:8809): auditd start, ver=1.6.2, 
format=raw, auid=4294967295 pid=1843 res=success, auditd pid=1843
type=CONFIG_CHANGE msg=audit(1202766204.375:4): audit_enabled=0 old=0 by 
auid=4294967295 res=1
Comment 1 Marcus Meissner 2008-02-13 21:54:16 UTC 
something for JJ I guess.
Comment 2 Forgotten User ZhJd0F0L3x 2008-03-13 09:18:58 UTC 
Still in Factory, had to disable Apparmor to be able to use ntp...
Comment 3 Andreas Gruenbacher 2008-03-13 10:06:22 UTC 
This is due to how the init script messes with /etc/ntp.conf. Henny, could you please update the profile as necessary (apparmor.d/usr.sbin.ntpd in apparmor-profiles)?
Comment 4 Andreas Schneider 2008-03-25 11:20:43 UTC 
*** Bug 333525 has been marked as a duplicate of this bug. ***
Comment 5 Peter Varkoly 2008-05-05 21:04:50 UTC 
fixed