Re: [apparmor] [patch] ntpd needs read access to openssl.cnf

2013-09-16 Thread Kshitij Gupta
Hello,

If you're fixing the profile, you might want to consider streamlining it.
The following rules are superfluous from the following includes:
@{PROC}/sys/kernel/ngroups_max, /etc/gai.conf
abstractions/base, abstractions/nameservice

Regards,

Kshitij Gupta


On 9/17/13, Christian Boltz wrote:
> Hello,
>
> On Monday, 16 September 2013, Steve Beattie wrote:
>> On Mon, Sep 16, 2013 at 10:39:13PM +0200, Christian Boltz wrote:
>> > I just received the following patch and propose it for 2.8 and
>> > trunk:
>> >
>> > Patch-Author: Stefan Seyfried 
>> >
>> > After this change in ntp:
>> >
>> > * Mo Aug 19 2013 crrodrig...@opensuse.org
>> > - Build with -DOPENSSL_LOAD_CONF , ntp must respect and use
>> >
>> >   the system's openssl configuration.
>> >
>> > we need to read openssl.cnf or starting of ntpd will fail
>> > silently(!)
>
>> Though ntpd failing silently sounds like an ntpd bug to me.
>
> Indeed - I'll ask Seife if he can open a bugreport about it (probably in
> ntp upstream).
>
>
> Regards,
>
> Christian Boltz
> --
> I'm impressed!
> Windows no longer boots -> problem solved.
> I wish I could solve my problems as satisfyingly as that.
> [Sandy Drobic in suse-linux]
>
>
> --
> AppArmor mailing list
> AppArmor@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
>

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor


Re: [apparmor] [patch] ntpd needs read access to openssl.cnf

2013-09-16 Thread Christian Boltz
Hello,

On Monday, 16 September 2013, Steve Beattie wrote:
> On Mon, Sep 16, 2013 at 10:39:13PM +0200, Christian Boltz wrote:
> > I just received the following patch and propose it for 2.8 and
> > trunk:
> > 
> > Patch-Author: Stefan Seyfried 
> > 
> > After this change in ntp:
> > 
> > * Mo Aug 19 2013 crrodrig...@opensuse.org
> > - Build with -DOPENSSL_LOAD_CONF , ntp must respect and use
> > 
> >   the system's openssl configuration.
> > 
> > we need to read openssl.cnf or starting of ntpd will fail
> > silently(!)

> Though ntpd failing silently sounds like an ntpd bug to me.

Indeed - I'll ask Seife if he can open a bugreport about it (probably in 
ntp upstream).


Regards,

Christian Boltz
-- 
I'm impressed!
Windows no longer boots -> problem solved.
I wish I could solve my problems as satisfyingly as that.
[Sandy Drobic in suse-linux]




Re: [apparmor] [patch] ntpd needs read access to openssl.cnf

2013-09-16 Thread Seth Arnold
On Mon, Sep 16, 2013 at 10:39:13PM +0200, Christian Boltz wrote:
> Hello,
> 
> I just received the following patch and propose it for 2.8 and trunk:
> 
> 
> 
> Patch-Author: Stefan Seyfried 
> 
> After this change in ntp:
> 
> * Mo Aug 19 2013 crrodrig...@opensuse.org
> - Build with -DOPENSSL_LOAD_CONF , ntp must respect and use
>   the system's openssl configuration.
> 
> we need to read openssl.cnf or starting of ntpd will fail silently(!)
> 
> 
> 
> Patch v2 by Christian Boltz: use abstractions/openssl instead of
> allowing /etc/ssl/openssl.cnf directly

Acked-by: Seth Arnold 

> 
> === modified file 'profiles/apparmor.d/usr.sbin.ntpd'
> --- profiles/apparmor.d/usr.sbin.ntpd   2011-08-08 20:16:06 +
> +++ profiles/apparmor.d/usr.sbin.ntpd   2013-09-16 20:28:39 +
> @@ -14,6 +14,7 @@
>  /usr/sbin/ntpd {
>#include 
>#include 
> +  #include 
>#include 
>  
>capability dac_override,
> 
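Review bot: The added #include line in /usr/sbin/ntpd has no comment saying why ntpd needs it. The description says ntpd fails to start silently when it cannot read openssl.cnf, so a one-line comment above the include (ntpd built with -DOPENSSL_LOAD_CONF reads the system's openssl configuration) would keep a later profile cleanup from dropping the line and reintroducing that failure. Patch v2 also switches from a single /etc/ssl/openssl.cnf rule to abstractions/openssl, which grants whatever else that abstraction allows; the description should state that the broader grant is intended.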

Thanks




Re: [apparmor] [patch] ntpd needs read access to openssl.cnf

2013-09-16 Thread Steve Beattie
On Mon, Sep 16, 2013 at 10:39:13PM +0200, Christian Boltz wrote:
> I just received the following patch and propose it for 2.8 and trunk:
> 
> Patch-Author: Stefan Seyfried 
> 
> After this change in ntp:
> 
> * Mo Aug 19 2013 crrodrig...@opensuse.org
> - Build with -DOPENSSL_LOAD_CONF , ntp must respect and use
>   the system's openssl configuration.
> 
> we need to read openssl.cnf or starting of ntpd will fail silently(!)
> 
> 
> 
> Patch v2 by Christian Boltz: use abstractions/openssl instead of
> allowing /etc/ssl/openssl.cnf directly

Acked-by: Steve Beattie for trunk and 2.8. Though ntpd
failing silently sounds like an ntpd bug to me.

Thanks.

-- 
Steve Beattie

http://NxNW.org/~steve/

