Re: [apparmor] [patch] ntpd needs read access to openssl.cnf
Hello, If you're fixing the profile, you might want to consider streamlining it. The following rules are superfluous from the following includes: @{PROC}/sys/kernel/ngroups_max, /etc/gai.conf abstractions/base, abstractions/nameservice Regards, Kshitij Gupta On 9/17/13, Christian Boltz wrote: > Hello, > > Am Montag, 16. September 2013 schrieb Steve Beattie: >> On Mon, Sep 16, 2013 at 10:39:13PM +0200, Christian Boltz wrote: >> > I just received the following patch and propose it for 2.8 and >> > trunk: >> > >> > Patch-Author: Stefan Seyfried >> > >> > After this change in ntp: >> > >> > * Mo Aug 19 2013 crrodrig...@opensuse.org >> > - Build with -DOPENSSL_LOAD_CONF , ntp must respect and use >> > >> > the system's openssl configuration. >> > >> > we need to read openssl.cnf or starting of ntpd will fail >> > silently(!) > >> Though ntpd failing silently sounds like an ntpd bug to me. > > Indeed - I'll ask Seife if he can open a bugreport about it (probably in > ntp upstream). > > > Regards, > > Christian Boltz > -- > Ich bin beeindruckt! > Windows startet nicht mehr -> Problem gelöst. > Ich wünschte, ich könnte meine Probleme auch so befriedigend lösen. > [Sandy Drobic in suse-linux] > > > -- > AppArmor mailing list > AppArmor@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor > -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] [patch] ntpd needs read access to openssl.cnf
Hello, Am Montag, 16. September 2013 schrieb Steve Beattie: > On Mon, Sep 16, 2013 at 10:39:13PM +0200, Christian Boltz wrote: > > I just received the following patch and propose it for 2.8 and > > trunk: > > > > Patch-Author: Stefan Seyfried > > > > After this change in ntp: > > > > * Mo Aug 19 2013 crrodrig...@opensuse.org > > - Build with -DOPENSSL_LOAD_CONF , ntp must respect and use > > > > the system's openssl configuration. > > > > we need to read openssl.cnf or starting of ntpd will fail > > silently(!) > Though ntpd failing silently sounds like an ntpd bug to me. Indeed - I'll ask Seife if he can open a bugreport about it (probably in ntp upstream). Regards, Christian Boltz -- Ich bin beeindruckt! Windows startet nicht mehr -> Problem gelöst. Ich wünschte, ich könnte meine Probleme auch so befriedigend lösen. [Sandy Drobic in suse-linux] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] [patch] ntpd needs read access to openssl.cnf
On Mon, Sep 16, 2013 at 10:39:13PM +0200, Christian Boltz wrote: > Hello, > > I just received the following patch and propose it for 2.8 and trunk: > > > > Patch-Author: Stefan Seyfried > > After this change in ntp: > > * Mo Aug 19 2013 crrodrig...@opensuse.org > - Build with -DOPENSSL_LOAD_CONF , ntp must respect and use > the system's openssl configuration. > > we need to read openssl.cnf or starting of ntpd will fail silently(!) > > > > Patch v2 by Christian Boltz: use abstractions/openssl instead of > allowing /etc/ssl/openssl.cnf directly Acked-by: Seth Arnold > > === modified file 'profiles/apparmor.d/usr.sbin.ntpd' > --- profiles/apparmor.d/usr.sbin.ntpd 2011-08-08 20:16:06 + > +++ profiles/apparmor.d/usr.sbin.ntpd 2013-09-16 20:28:39 + > @@ -14,6 +14,7 @@ > /usr/sbin/ntpd { >#include >#include > + #include >#include > >capability dac_override, > Thanks signature.asc Description: Digital signature -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] [patch] ntpd needs read access to openssl.cnf
On Mon, Sep 16, 2013 at 10:39:13PM +0200, Christian Boltz wrote: > I just received the following patch and propose it for 2.8 and trunk: > > Patch-Author: Stefan Seyfried > > After this change in ntp: > > * Mo Aug 19 2013 crrodrig...@opensuse.org > - Build with -DOPENSSL_LOAD_CONF , ntp must respect and use > the system's openssl configuration. > > we need to read openssl.cnf or starting of ntpd will fail silently(!) > > > > Patch v2 by Christian Boltz: use abstractions/openssl instead of > allowing /etc/ssl/openssl.cnf directly Acked-by: Steve Beattie for trunk and 2.8. Though ntpd failing silently sounds like an ntpd bug to me. Thanks. -- Steve Beattie http://NxNW.org/~steve/ signature.asc Description: Digital signature -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor