Home | Content | Search | Navigation | Indexes
 

Mailinglist Archive: opensuse-bugs (3378 mails)

< Previous Next >
[Bug 657054] New: apparmor config prevents ntpd "-N" option to work
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Thu, 2 Dec 2010 12:04:43 +0000
  • Message-id: <bug-657054-21960@xxxxxxxxxxxxxxxxxxxxxxxx/>

https://bugzilla.novell.com/show_bug.cgi?id=657054

https://bugzilla.novell.com/show_bug.cgi?id=657054#c0


Summary: apparmor config prevents ntpd "-N" option to work
Classification: openSUSE
Product: openSUSE 11.3
Version: Final
Platform: i686
OS/Version: openSUSE 11.3
Status: NEW
Severity: Major
Priority: P5 - None
Component: AppArmor
AssignedTo: jeffm@xxxxxxxxxx
ReportedBy: phdm@xxxxxxxxx
QAContact: qa@xxxxxxx
Found By: ---
Blocker: ---


Created an attachment (id=403111)
--> (http://bugzilla.novell.com/attachment.cgi?id=403111)
patch for /etc/apparmor.d/usr.sbin.ntpd

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2)
Gecko/20090730 SUSE/3.5.2-2.1 Firefox/3.5.2

I tried to give a higher priority to the ntpd process, by adding "-N" to
NTPD_OPTIONS in /etc/sysconfig/ntp, and restarted ntp by /etc/init.d/ntp
restart.

Unfortunately, that did not give a higher priority to the ntpd process.
Investigations revealed that disabling apparmor and restarting ntp again did
now work. In /var/log/audit/audit.log, one could find the following lines :
type=APPARMOR_DENIED msg=audit(1291217768.228:14): operation="capable"
pid=27375 parent=1 profile="/usr/sbin/ntpd" name="sys_nice"
There were also other ntpd-related messages, irreleevant to my initial problem,
but still worth fixing :
type=APPARMOR_DENIED msg=audit(1291279774.699:24): operation="open" pid=21143
parent=1 profile="/usr/sbin/ntpd" requested_mask="r::" denied_mask="r::"
fsuid=0 ouid=0 name="/var/lib/ntp/proc/sys/kernel/ngroups_max"

The attached patch completely fixes both the "-N" bug and the ngroups_max
access bug.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >
This Thread
  • No further messages