[Bug 850374] New: Apparmor config keeps ntpd from updating /var/lib/ntp/drift/driftfile.TEMP
https://bugzilla.novell.com/show_bug.cgi?id=850374 https://bugzilla.novell.com/show_bug.cgi?id=850374#c0 Summary: Apparmor config keeps ntpd from updating /var/lib/ntp/drift/driftfile.TEMP Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: x86-64 OS/Version: openSUSE 12.3 Status: NEW Severity: Normal Priority: P5 - None Component: AppArmor AssignedTo: suse-beta@cboltz.de ReportedBy: eruby@knowledgematters.net QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0 /var/log/messages shows: Nov 13 21:51:19 db046 kernel: [ 3659.370852] type=1400 audit(1384379479.255:32): apparmor="DENIED" operation="mknod" parent=1 profile="/usr/sbin/ntpd" name="/var/lib/ntp/drift/driftfile.TEMP" pid=4682 comm="ntpd" requested_mask="c" denied_mask="c" fsuid=74 ouid=74 /var/log/ntp shows: 13 Nov 21:51:19 ntpd[4682]: frequency file /var/lib/ntp/drift/driftfile.TEMP: Permission denied 13 Nov 22:51:19 ntpd[4682]: frequency file /var/lib/ntp/drift/driftfile.TEMP: Permission denied 13 Nov 23:51:19 ntpd[4682]: frequency file /var/lib/ntp/drift/driftfile.TEMP: Permission denied 14 Nov 00:51:19 ntpd[4682]: frequency file /var/lib/ntp/drift/driftfile.TEMP: Permission denied Checking /etc/apparmor.d/usr.sbin.ntpd lists the file /var/lib/ntp/drift/ntp.drift.TEMP but not the file /var/lib/ntp/drift/driftfile.TEMP. Adding /var/lib/ntp/drift/driftfile.TEMP to /etc/apparmor.d/usr.sbin.ntpd at line 50 solves the problem. Reproducible: Always Steps to Reproduce: 1. Install OpenSUSE 12.3 2. Check /var/log/messages and /var/log/ntp for the error 4. Profit! Actual Results: ntpd cannot write to the temporary driftfile. Expected Results: ntpd working as designed. You just need to add /var/lib/ntp/drift/driftfile.TEMP to /etc/apparmor.d/usr.sbin.ntpd to fix the issue. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850374
https://bugzilla.novell.com/show_bug.cgi?id=850374#c1
--- Comment #1 from Earl Ruby
https://bugzilla.novell.com/show_bug.cgi?id=850374
https://bugzilla.novell.com/show_bug.cgi?id=850374#c2
Christian Boltz
https://bugzilla.novell.com/show_bug.cgi?id=850374
https://bugzilla.novell.com/show_bug.cgi?id=850374#c3
--- Comment #3 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=850374
https://bugzilla.novell.com/show_bug.cgi?id=850374#c4
--- Comment #4 from Bernhard Wiedemann
http://bugzilla.novell.com/show_bug.cgi?id=850374
Swamp Workflow Management
http://bugzilla.novell.com/show_bug.cgi?id=850374
Swamp Workflow Management
http://bugzilla.novell.com/show_bug.cgi?id=850374
--- Comment #6 from Swamp Workflow Management
http://bugzilla.novell.com/show_bug.cgi?id=850374
Swamp Workflow Management
participants (1)
-
bugzilla_noreply@novell.com