[apparmor] [patch] ntpd needs read access to openssl.cnf
Christian Boltz
apparmor at cboltz.de
Mon Sep 16 20:39:13 UTC 2013
Hello,
I just received the following patch and propose it for 2.8 and trunk:
Patch-Author: Stefan Seyfried <seife+obs at b1-systems.com>
After this change in ntp:
* Mo Aug 19 2013 crrodriguez at opensuse.org
- Build with -DOPENSSL_LOAD_CONF , ntp must respect and use
the system's openssl configuration.
we need to read openssl.cnf or starting of ntpd will fail silently(!)
Patch v2 by Christian Boltz: use abstractions/openssl instead of
allowing /etc/ssl/openssl.cnf directly
=== modified file 'profiles/apparmor.d/usr.sbin.ntpd'
--- profiles/apparmor.d/usr.sbin.ntpd 2011-08-08 20:16:06 +0000
+++ profiles/apparmor.d/usr.sbin.ntpd 2013-09-16 20:28:39 +0000
@@ -14,6 +14,7 @@
/usr/sbin/ntpd {
#include <abstractions/base>
#include <abstractions/nameservice>
+ #include <abstractions/openssl>
#include <abstractions/xad>
capability dac_override,
Regards,
Christian Boltz
--
No need to use Windows -- it's easier to go through the door.
[author unknown]
More information about the AppArmor
mailing list