Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd
On Fri, Jul 8, 2016 at 5:09 PM, Eric Delaet <email address hidden> wrote:
> Hi Christian,
>
> Sure, if you have a beta package or so I'm ready to test it. Just
> deployed another server and saw the same behaviour, so it's easy to
> replicate for me and to check if the error is gone.
>
> --
> You received this bug notification because you are a bug assignee.
> https://bugs.launchpad.net/bugs/1582767
>
> Title:
> apparmor permissions missing for winbind
>
> Status in ntp package in Ubuntu:
> Triaged
>
> Bug description:
> When using Winbind, ntpd needs to access the Winbind pipe:
>
> May 17 16:23:15 bo kernel: [ 27.598551] type=1400
> audit(1463494995.048:18): apparmor="DENIED" operation="connect"
> profile="/usr/sbin/ntpd" name="/run/samba/winbindd/pipe" pid=1517
> comm="ntpd" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0
>
> Would there be any reason not to allow this ? I added the following
> line to /etc/apparmor/init/network-interface-security/usr.sbin.ntpd:
>
> /run/samba/winbindd/pipe rw,
>
> Thanks!
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1582767/+subscriptions
>
Thanks already for your commitment to help!
The final fix is currently in review, as it is is part of a merge and that
changes much more.
To give you a way to pre-evaluate I put it in a ppa at /launchpad. net/~paelzer/ +archive/ ubuntu/ ntp-test- bug-1582767
https:/
This silently will tests all other changes as well if they get you or your
environment into any trouble as well.
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd
On Fri, Jul 8, 2016 at 5:09 PM, Eric Delaet <email address hidden> wrote:
> Hi Christian, /bugs.launchpad .net/bugs/ 1582767 5.048:18) : apparmor="DENIED" operation="connect" "/usr/sbin/ ntpd" name="/ run/samba/ winbindd/ pipe" pid=1517 init/network- interface- security/ usr.sbin. ntpd: winbindd/ pipe rw, /bugs.launchpad .net/ubuntu/ +source/ ntp/+bug/ 1582767/ +subscriptions
>
> Sure, if you have a beta package or so I'm ready to test it. Just
> deployed another server and saw the same behaviour, so it's easy to
> replicate for me and to check if the error is gone.
>
> --
> You received this bug notification because you are a bug assignee.
> https:/
>
> Title:
> apparmor permissions missing for winbind
>
> Status in ntp package in Ubuntu:
> Triaged
>
> Bug description:
> When using Winbind, ntpd needs to access the Winbind pipe:
>
> May 17 16:23:15 bo kernel: [ 27.598551] type=1400
> audit(146349499
> profile=
> comm="ntpd" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0
>
> Would there be any reason not to allow this ? I added the following
> line to /etc/apparmor/
>
> /run/samba/
>
> Thanks!
>
> To manage notifications about this bug go to:
> https:/
>