[apparmor] question about profile name when it is a symlink
Christian Boltz
apparmor at cboltz.de
Thu Mar 19 18:46:13 UTC 2026
Hello,
Am Donnerstag, 19. März 2026, 12:10 schrieb Martin Frétigné:
> I'm currently trying to set up an apparmor profile for ntp on my
> system. There is a profile for /usr/sbin/ntpd. However, on my system
> /usr/sbin/ntpd is a symlink to /usr/bin/ntpd.ntp (the real
> executable, it is symlinked by update-alternatives). Hence the
> profile is not active.
>
> I could change the profile name to /usr/sbin/ntpd.ntp, but is it the
> right way or is there another ?
Yes, this is the right way.
You can also change the profile to /usr/bin/ntpd{,.ntp} so that it
covers both filenames - just in case that the symlink becomes a real file
one day.
And since this will look ugly in your audit.log, you can (and should)
give the profile a name:
profile ntpd /usr/bin/ntpd{,.ntp} {
Regards,
Christian Boltz
--
if this crashes as well, make sure to create a bnc entry, add a
backtrace, a copy of your sysconfig/proxy file and some cheese (Want
to make a fondue). [Dominique Leuenberger in opensuse-factory]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 870 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20260319/55fb5c83/attachment.sig>
More information about the AppArmor
mailing list