[pkg-apparmor] [PATCH 2/6] Add a profile for ntpd.

intrigeri intrigeri at debian.org
Sat Aug 30 18:42:48 UTC 2014


Felix Geyer wrote (29 Aug 2014 21:19:21 GMT) :
> ---
>  debian/README.Debian   |  1 +
>  debian/copyright       | 22 ++++++++++++++
>  profiles/tunables/ntpd | 15 ++++++++++
>  profiles/usr.sbin.ntpd | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++
>  4 files changed, 119 insertions(+)
>  create mode 100644 profiles/tunables/ntpd
>  create mode 100644 profiles/usr.sbin.ntpd

ACK (I'll compare the profiles with the ones from Ubuntu before
merging).

However, this profile may not be loaded soon enough to be actually
applied, see Debian#670170 -- Ubuntu does that with upstart, and we
don't have the corresponding systemd bits in sid yet.

Did you try how it goes on current Debian sid, in practice? I'd love
to see a test matrix for (server, desktop) x (sysvinit, systemd).

Anyway, IMO that's not a blocker: shipping the profile will make it
easier to tackle this problem. OTOH, possibly part of the solution
will be to use systemd v210+'s AppArmorProfile= option, then maybe the
best place to add the ntpd profile would be the ntp package itself.
We can change this later, and I'm in favour of going ahead and taking
the proposed patch, if shipping the ntpd policy in aa-p-extra is
already useful in some use cases.

Cheers,
-- 
intrigeri
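
The load-ordering concern in the message above can be checked on a running system by reading each ntpd process's AppArmor label from `/proc/<pid>/attr/current`. The following is an added example, not part of the original message or of the proposed patch; the function names are hypothetical, and the label `/usr/sbin/ntpd` used in testing is an assumed profile name.

```shell
#!/bin/sh
# Report the AppArmor confinement of every process whose comm equals a name.
# The proc root defaults to /proc; another directory can be passed for testing.

# Prints one line per matching process: "<pid> <state> <label>"
# where state is enforce, complain, unconfined or unknown.
confinement_report() {
    name=$1
    proc_root=${2:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/comm" ] || continue
        [ "$(cat "$dir/comm" 2>/dev/null)" = "$name" ] || continue
        pid=${dir##*/}
        # The kernel reports "unconfined" or "<profile> (<mode>)".
        label=$(cat "$dir/attr/current" 2>/dev/null) || label=
        case $label in
            unconfined)     state=unconfined ;;
            *" (enforce)")  state=enforce ;;
            *" (complain)") state=complain ;;
            *)              state=unknown ;;
        esac
        printf '%s %s %s\n' "$pid" "$state" "${label:--}"
    done
}

# Returns 0 if every matching process is in enforce mode,
# 1 if any is not, and 2 if no process with that name was found.
all_enforced() {
    report=$(confinement_report "$1" "${2:-/proc}")
    [ -n "$report" ] || return 2
    printf '%s\n' "$report" |
        awk '$2 != "enforce" { bad = 1 } END { exit bad }'
}
```

Run as root after boot, `all_enforced ntpd` gives one pass/fail cell per combination in a (server, desktop) x (sysvinit, systemd) matrix; a daemon started before the profile was loaded shows up as `unconfined`.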


