[pkg-apparmor] Bug#904040: openntpd: Apparmor denies logging

[Dererk]

user pkg-apparmor-team at lists.alioth.debian.org
usertags #904040 + help-needed
thanks

Dear App Armor Team!

I was reported about a bug on the way an apparmor profile behaves.
It appears to me that this issue might be tightly related to the way 
apparmor is compiled on Ubuntu, since all my attempts to find similar 
reports get isolated to Ubuntu's reports and bug fixes.

Would you be kind in advice on how to proceed with this? Is this 
possible to be hit on Debian installations? If its not, Is it safe to 
apply it on Debian without backfiring?


Thanks in advance


Your #1 fan,

\d


On 18/07/18 14:06, Stefano Rivera wrote:
> Package: openntpd
> Version: 1:6.2p3-1
> Severity: normal
> Tags: patch
>
> Can't reproduce this in a quick check in Debian, but I can see it on
> Ubuntu 18.04 machines, and this patch does the trick.
>
> AppArmor denies openntpd access to syslog:
>> [1690592.258663] audit: type=1400 audit(1531921190.778:1052): apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/ntpd" name="run/systemd/journal/dev-log" pid=2708 comm="ntpd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
> This seems to be a known issue with apparmor + systemd
> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1373070
>
> And the workaround is a patch like this (which has already been applied
> to ntpd).
>
> SR

-- 
BOFH excuse #154:

You can tune a file system, but you can't tune a fish (from most tunefs man pages)