[apparmor] [patch] ntpd needs read access to openssl.cnf

Christian Boltz Mon, 16 Sep 2013 14:04:19 -0700

Hello,

I just received the following patch and propose it for 2.8 and trunk:




Patch-Author: Stefan Seyfried <seife+...@b1-systems.com>

After this change in ntp:

* Mo Aug 19 2013 crrodrig...@opensuse.org
- Build with -DOPENSSL_LOAD_CONF , ntp must respect and use
  the system's openssl configuration.

we need to read openssl.cnf or starting of ntpd will fail silently(!)



Patch v2 by Christian Boltz: use abstractions/openssl instead of
allowing /etc/ssl/openssl.cnf directly


=== modified file 'profiles/apparmor.d/usr.sbin.ntpd'
--- profiles/apparmor.d/usr.sbin.ntpd   2011-08-08 20:16:06 +0000
+++ profiles/apparmor.d/usr.sbin.ntpd   2013-09-16 20:28:39 +0000
@@ -14,6 +14,7 @@
 /usr/sbin/ntpd {
   #include <abstractions/base>
   #include <abstractions/nameservice>
+  #include <abstractions/openssl>
   #include <abstractions/xad>
 
   capability dac_override,





Regards,

Christian Boltz
-- 
No need to use Windows -- it's easier to go through the door.
[author unknown]


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

[apparmor] [patch] ntpd needs read access to openssl.cnf

Reply via email to