https://bugzilla.novell.com/show_bug.cgi?id=657054 https://bugzilla.novell.com/show_bug.cgi?id=657054#c0 Summary: apparmor config prevents ntpd "-N" option to work Classification: openSUSE Product: openSUSE 11.3 Version: Final Platform: i686 OS/Version: openSUSE 11.3 Status: NEW Severity: Major Priority: P5 - None Component: AppArmor AssignedTo: jeffm@novell.com ReportedBy: phdm@macqel.be QAContact: qa@suse.de Found By: --- Blocker: --- Created an attachment (id=403111) --> (http://bugzilla.novell.com/attachment.cgi?id=403111) patch for /etc/apparmor.d/usr.sbin.ntpd User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090730 SUSE/3.5.2-2.1 Firefox/3.5.2 I tried to give a higher priority to the ntpd process, by adding "-N" to NTPD_OPTIONS in /etc/sysconfig/ntp, and restarted ntp by /etc/init.d/ntp restart. Unfortunately, that did not give a higher priority to the ntpd process. Investigations revealed that disabling apparmor and restarting ntp again did now work. In /var/log/audit/audit.log, one could find the following lines : type=APPARMOR_DENIED msg=audit(1291217768.228:14): operation="capable" pid=27375 parent=1 profile="/usr/sbin/ntpd" name="sys_nice" There were also other ntpd-related messages, irreleevant to my initial problem, but still worth fixing : type=APPARMOR_DENIED msg=audit(1291279774.699:24): operation="open" pid=21143 parent=1 profile="/usr/sbin/ntpd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/var/lib/ntp/proc/sys/kernel/ngroups_max" The attached patch completely fixes both the "-N" bug and the ngroups_max access bug. Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.