[Bug 1195898] [NEW] apparmour denies access to /var/log/ntpstats/protostats

Nicholas Cross nick at kiwi-hacker.net
Fri Jun 28 21:21:02 UTC 2013 

Public bug reported:


Jun 28 07:55:29 2013 ubuntu <daemon.err<27>> ntpd[2001]: can't open /var/log/ntpstats/protostats.20130628: Permission denied
Jun 28 07:55:29 2013 ubuntu <kern.notice<5>> kernel: [136683.753956] type=1400 audit(1372402529.550:120): apparmor="DENIED" operation="mknod" parent=1 profile="/usr/sbin/ntpd" name="/var/log/ntpstats/protostats.20130628" pid=2001 comm="ntpd" requested_mask="c" denied_mask="c" fsuid=129 ouid=129


FIX:

  
vi /etc/apparmor.d/usr.sbin.ntpd

#add

/var/log/ntpstats/protostats*   rwl,


# restart 

apparmor_parser -r /etc/apparmor.d/usr.sbin.ntpd


DATA:

# lsb_release -rd
Description:	Ubuntu 12.04.2 LTS
Release:	12.04


# apt-cache policy ntp
ntp:
  Installed: 1:4.2.6.p3+dfsg-1ubuntu3.1
  Candidate: 1:4.2.6.p3+dfsg-1ubuntu3.1
  Version table:
 *** 1:4.2.6.p3+dfsg-1ubuntu3.1 0
        500 http://gb.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     1:4.2.6.p3+dfsg-1ubuntu3 0
        500 http://gb.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages


# apt-cache policy apparmor
apparmor:
  Installed: 2.7.102-0ubuntu3.8
  Candidate: 2.7.102-0ubuntu3.8
  Version table:
 *** 2.7.102-0ubuntu3.8 0
        500 http://gb.archive.ubuntu.com/ubuntu/ precise-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     2.7.102-0ubuntu3.7 0
        500 http://gb.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
     2.7.102-0ubuntu3 0
        500 http://gb.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages

** Affects: ntp (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apparmour ntp ntpstats protostats

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1195898

Title:
  apparmour denies access to /var/log/ntpstats/protostats

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1195898/+subscriptions

More information about the Ubuntu-server-bugs mailing list