Ubuntu
apparmor package

ntpd wants to read /etc/gai.conf

Bug #202991 reported by William Grant
2
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Fix Released
Low
Kees Cook
Ubuntu ubuntu-8.04

Bug Description

Binary package hint: apparmor

I often get lines like the following in my syslog:

--
Mar 17 08:23:53 irranat kernel: [ 656.177844] audit(1205702633.448:595): operation="inode_permission" request_mask="r::" denied_mask="r::" name="/etc/gai.conf" pid=25847 profile="/usr/sbin/ntpd" namespace="default"
--

Apparently the file should be added to abstractions/nameservice.

Revision history for this message
Kees Cook (kees) wrote :

Thanks! I've got this in the branch for the next apparmor upload.

Changed in apparmor:
assignee: nobody → keescook
importance: Undecided → Low
milestone: none → ubuntu-8.04
status: New → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.1+1075-0ubuntu6

---------------
apparmor (2.1+1075-0ubuntu6) hardy; urgency=low

  [ Kees Cook ]
  * utils/SubDomain.pm:
    - fix up mask parsing to match kernel version (LP: #202920).
    - fix up syslog parsing regexp to match broken kernels (LP: #202888).
  * profiles/apparmor.d/abstractions/base: add licenses path for reading.
  * profiles/apparmor.d/abstractions/freedesktop.org: include /usr/local.
  * profiles/apparmor.d/usr.sbin.smbd: include print client abstraction.
  * profiles/apparmor.d/abstractions/nameservice: include missing gai.conf
    (LP: #202991).

  [ Jamie Strandboge ]
  * add Debian Policy compliant way to toggle complain mode (LP: #203137)
    - parser/rc.apparmor.functions: add '-C' to PARSER_ARGS if
      force-complain/<profile> exists
    - utils/enforce: remove symlink in force-complain/
    - debian/rules: create /etc/apparmor.d/force-complain

 -- Kees Cook <email address hidden> Mon, 17 Mar 2008 10:28:23 -0700

Changed in apparmor:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.