On Mon, Sep 14, 2015 at 01:02:27PM +0200, Christian Boltz wrote:
> > > Also, ntpd seems to work without those permissions, so we might want
> > > to change the added rule to "deny".
> >
> > Sounds like a good idea, as long as it doesn't break anything (which
> > is probably hard to assess, sure :)
>
> I asked Reinhard Max, the SUSE ntp maintainer - see
> https://bugzilla.opensuse.org/show_bug.cgi?id=945592

I gave the code a quick skim and it's definitely built its own generic colon-separated path searching mechanism with the ability to look for readable, writable, and executable files. Based on some of the comments nearby it looks like they had reasonable reason to build one, though I couldn't tell you why. :)

I think the accesses should be allowed -- without it, some portion of the program won't work as expected for some configuration.

(Feel free to consider this:
Acked-by: Seth Arnold <seth.arn...@canonical.com>
)

Thanks
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor