[apparmor] [patch] Allow ntpd to read directory listings of $PATH

Seth Arnold seth.arnold at canonical.com
Mon Sep 14 18:08:59 UTC 2015


On Mon, Sep 14, 2015 at 01:02:27PM +0200, Christian Boltz wrote:
> > > Also, ntpd seems to work without those permissions, so we might want
> > > to change the added rule to "deny".
> > 
> > Sounds like a good idea, as long as it doesn't break anything (which
> > is probably hard to assess, sure :)
> 
> I asked Reinhard Max, the SUSE ntp maintainer - see 
> https://bugzilla.opensuse.org/show_bug.cgi?id=945592

I gave the code a quick skim and it's definitely built its own generic
colon-separated path searching mechanism with the ability to look for
readable, writable, and executable files. Based on some of the comments
nearby it looks like they had reasonable reason to build one, though I
couldn't tell you why. :)

I think the accesses should be allowed -- without it, some portion of the
program won't work as expected for some configuration. (Feel free to
consider this:
Acked-by: Seth Arnold <seth.arnold at canonical.com>
)

Thanks