[apparmor] [Bug 749727] Re: ntpd daemon request capability "dac_override"

Seth Arnold 749727 at bugs.launchpad.net
Sun Apr 3 22:40:36 UTC 2011


I have a very similar profile and ntp.conf, but don't see the DAC
capability requested in my logs; perhaps one of your file permissions is
different from mine? Of the files and directories listed in the profile
that I thought might have different DAC permissions, here's what mine
look like:

-rw-r--r-- 1 root root 1633 2010-08-06 17:36 /etc/ntp.conf
-rw-r--r-- 1 ntp  ntp     7 2011-04-03 15:09 /var/lib/ntp/ntp.drift
-rw-r--r-- 1 root root    5 2011-04-03 15:09 /var/run/ntpd.pid
drwxr-xr-x 2 ntp ntp 4096 2010-08-06 17:36 /var/log/ntpstats

What do the permissions look like for your files?

-- 
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/749727

Title:
  ntpd daemon request capability "dac_override"

Status in AppArmor Linux application security framework:
  New
Status in NTP:
  New

Bug description:
  Environment: Ubuntu Desktop x64 10.10

  The following message is observed in syslog

  Apr  3 17:47:22 universe kernel: [   20.235357] type=1400
  audit(1301824042.778:24): apparmor="DENIED" operation="capable"
  parent=1 profile="/usr/sbin/ntpd" pid=1459 comm="ntpd" capability=1
  capname="dac_override"

  Either the AppArmor security profile is too restrictive or the daemon
  "ntpd" has a bug.
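
To make the permission comparison above concrete, here is an added example (not part of the original message or of AppArmor) that parses the quoted denial and evaluates the posted `ls -l` listing the way plain DAC does, reporting paths where a user is refused by the mode bits alone. For root, those are the accesses that succeed only through CAP_DAC_OVERRIDE. Assumptions: ACLs are ignored, each user belongs only to the group of the same name, and which user and access mode to check is supplied by the caller.

```python
import re

# Denial from the bug description, joined onto one line.
AUDIT_LINE = ('type=1400 audit(1301824042.778:24): apparmor="DENIED" '
              'operation="capable" parent=1 profile="/usr/sbin/ntpd" pid=1459 '
              'comm="ntpd" capability=1 capname="dac_override"')

# `ls -l` listing copied from the reply.
LISTING = """\
-rw-r--r-- 1 root root 1633 2010-08-06 17:36 /etc/ntp.conf
-rw-r--r-- 1 ntp  ntp     7 2011-04-03 15:09 /var/lib/ntp/ntp.drift
-rw-r--r-- 1 root root    5 2011-04-03 15:09 /var/run/ntpd.pid
drwxr-xr-x 2 ntp ntp 4096 2010-08-06 17:36 /var/log/ntpstats
"""

def parse_denial(line):
    """Return the key=value fields of an AppArmor audit record as a dict."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def parse_ls(listing):
    """Yield (perms, owner, group, path) per line; assumes no spaces in paths."""
    for line in listing.splitlines():
        f = line.split()
        if len(f) >= 8:
            yield f[0][1:10], f[2], f[3], f[7]

def dac_allows(perms, owner, group, user, groups, want):
    """True if the mode bits alone grant every access in `want` ('r', 'w', 'x').
    The kernel consults exactly one class: owner, else group, else other."""
    if user == owner:
        cls = perms[0:3]
    elif group in groups:
        cls = perms[3:6]
    else:
        cls = perms[6:9]
    return all(c in cls for c in want)

def blocked_by_mode_bits(listing, user, groups, want):
    """Paths where `user` is refused `want` access by the mode bits alone."""
    return [path for perms, owner, group, path in parse_ls(listing)
            if not dac_allows(perms, owner, group, user, groups, want)]

if __name__ == "__main__":
    d = parse_denial(AUDIT_LINE)
    print(d["profile"], "was denied", d["capname"])
    for user in ("root", "ntp"):
        print(user, "blocked from writing:",
              blocked_by_mode_bits(LISTING, user, {user}, "w"))
```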


