[apparmor] [patch] Allow "network unspec dgram," in ntpd profile

Christian Boltz apparmor at cboltz.de
Mon Nov 14 21:26:40 UTC 2016


Hello,

a while ago, support for "network unspec" was added. However, nobody
updated the ntpd profile (at least not the profile in upstream bzr)
which was the main reason for adding "unspec".

References: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1546455
            (the original bugreport about "unspec")

References: https://bugzilla.opensuse.org/show_bug.cgi?id=1009964
            (about the ntpd profile)


I propose this patch for trunk and 2.10 (the openSUSE bugreport is about
Tumbleweed, which uses 2.10.1).

I'm not sure about 2.9 because I don't know if the "unspec" keyword was
backported to 2.9.


[ ntpd-network-unspec-dgram.diff ]

=== modified file 'profiles/apparmor.d/usr.sbin.ntpd'
--- profiles/apparmor.d/usr.sbin.ntpd   2015-09-15 12:24:57 +0000
+++ profiles/apparmor.d/usr.sbin.ntpd   2016-11-14 21:20:27 +0000
@@ -27,6 +27,8 @@
   capability sys_time,
   capability sys_nice,
 
+  network unspec dgram,
+
   /drift/ntp.drift rwl,
   /drift/ntp.drift.TEMP rwl,
   /etc/ntp.conf r,



Regards,

Christian Boltz
-- 
[19:31] <suseROCKs> #info anditosan just text that he took a sleeping
       pill last night and is trying to wake up to get to the meeting...
[19:31] <suseROCKs> :-D
[19:31] --> anditosan joined the channel (~ytoox at 67.214.243.90).
[19:32] <shayonj> hah , there he is
[19:32] <suseROCKs> anditosan is going to *LOVE* reading the minutes
        after this meeting!
[from #opensuse-project]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161114/8fe07abb/attachment.pgp>


More information about the AppArmor mailing list