[Bug 1205875] Re: apparmor.d profile for usr.sbin.ntpd -- access to samba gencache and capability block_suspend

J G Miller miller at yoyo.ORG
Sun Sep 22 17:36:19 UTC 2013 

Serge Hallyn asked "Can you show your ntp configuration?"

Here is the /etc/ntp.conf file


#/*****************************************************************************#
#|
#|  file : /etc/ntp.conf.net
#|
#*---------------------------------------------------------------------------*#
#
restrict	192.168.11.0	mask 255.255.255.0	nomodify notrap
#
restrict	192.168.11.12
#
restrict	127.0.0.1
#
#.............................................................................#
#
logconfig	=clockall +peerall +syncall +sysall
#
#.............................................................................#
#
driftfile	/var/log/ntpd/ntpstats/ntp.drift
#
logfile		/var/log/ntpd/ntpd.log
#
statsdir	/var/log/ntpd/ntpstats/
#
#.............................................................................#
#
statistics	clockstats loopstats peerstats
#
filegen		clockstats	file clockstats		type day	enable
filegen		loopstats	file loopstats		type day	enable
filegen		peerstats	file peerstats		type day	enable
#
#.............................................................................#
#
server		another_host.my_local_domain
#
server		127.127.1.0
fudge		127.127.1.0	stratum 10
#
#*****************************************************************************#


where another_host.my_local_domain is the FQDN of my ntp server on another machine on my internal network 192.168.11.0 so there are no overt references to SAMBA hosts, BUT nsswitch.conf has


#*****************************************************************************#
#|
#|  file : /etc/nsswitch.conf
#|
#*---------------------------------------------------------------------------*#
#
group:          compat
passwd:         compat
shadow:         compat
#
#.............................................................................#
#
hosts:          files   mdns4_minimal   [NOTFOUND=return]       wins    nis     
dns     mdns4
#
networks:       nis     files
#
#.............................................................................#
.#
files ... etc

which may explain why CIFS/SAMBA becomes involved.

Also, as a footnote, gencache.tdb is present and world readable, but
obviously not world writeable

 ll /run/samba/gencache.tdb

416 -rw-r--r-- 1 root root 425984 2013-09-22 10:37
/run/samba/gencache.tdb

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1205875

Title:
  apparmor.d profile for usr.sbin.ntpd -- access to samba gencache and
  capability block_suspend

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1205875/+subscriptions

More information about the Ubuntu-server-bugs mailing list