[Bug 1135780] Re: ntp apparmor denied read of /usr/share/samba/upcase.dat
I believe I'm having this bug or a similar one in 12.04 Here are lines from my syslog May 17 13:56:11 escher kernel: [ 27.220217] type=1400 audit(1400352971.120:42): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/ntpd" name="/run/samba/gencache.tdb" pid=2480 comm="ntpd" requested_mask="rwc" denied_mask="rwc" fsuid=0 ouid=0 May 17 13:56:11 escher kernel: [ 27.220232] type=1400 audit(1400352971.120:43): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/ntpd" name="/run/samba/gencache.tdb" pid=2480 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 May 17 13:56:11 escher kernel: [ 27.220251] type=1400 audit(1400352971.120:44): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/ntpd" name="/run/samba/gencache.tdb" pid=2480 comm="ntpd" requested_mask="rwc" denied_mask="rwc" fsuid=0 ouid=0 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1135780 Title: ntp apparmor denied read of /usr/share/samba/upcase.dat To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1135780/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1135780] Re: ntp apparmor denied read of /usr/share/samba/upcase.dat
FWIW, the upstream apparmor commit that fixed this is r2382 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1135780 Title: ntp apparmor denied read of /usr/share/samba/upcase.dat To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1135780/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1135780] Re: ntp apparmor denied read of /usr/share/samba/upcase.dat
Hello - I sat down to fix this bug in Trusty, but it is already fixed. Here's my reasoning: * Starting in Trusty, /usr/share/samba/{low,up}case.dat was moved to /usr/share/samba/codepages/{low,up}case.dat * The ntpd profile has "#include " * The nameservice abstraction has "#include " * Starting in Trusty, the winbind abstraction has "/usr/share/samba/codepages/{lowcase,upcase,valid}.dat r," The denials should no longer be happening in Trusty so I'm going to mark this as Fix Released. Thanks for the bug report! ** Changed in: ntp (Ubuntu) Status: New => Fix Released ** Changed in: ntp (Ubuntu) Assignee: (unassigned) => Tyler Hicks (tyhicks) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1135780 Title: ntp apparmor denied read of /usr/share/samba/upcase.dat To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1135780/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1135780] Re: ntp apparmor denied read of /usr/share/samba/upcase.dat
Thanks. This is a similiar but different issue to bug 1264548. The general issue is that custom nss changes require manual tweaking of apparmor profiles for those that import abstractions/nameservice. ** Changed in: ntp (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1135780 Title: ntp apparmor denied read of /usr/share/samba/upcase.dat To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1135780/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1135780] Re: ntp apparmor denied read of /usr/share/samba/upcase.dat
Same issue here (ubuntu 13.10): dmesg: [252470.909606] type=1400 audit(1396308938.493:42): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/ntpd" name="/usr/share/samba/upcase.dat" pid=26764 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 [252470.909635] type=1400 audit(1396308938.493:43): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/ntpd" name="/usr/share/samba/lowcase.dat" pid=26764 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 [252470.911005] type=1400 audit(1396308938.493:44): apparmor="DENIED" operation="connect" parent=1 profile="/usr/sbin/ntpd" name="/run/samba/unexpected" pid=26764 comm="ntpd" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0 [252471.393081] type=1400 audit(1396308938.977:45): apparmor="DENIED" operation="connect" parent=1 profile="/usr/sbin/ntpd" name="/run/samba/unexpected" pid=26764 comm="ntpd" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0 [252471.999537] type=1400 audit(1396308939.581:46): apparmor="DENIED" operation="connect" parent=1 profile="/usr/sbin/ntpd" name="/run/samba/unexpected" pid=26764 comm="ntpd" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0 [252472.710900] type=1400 audit(1396308940.293:47): apparmor="DENIED" operation="connect" parent=1 profile="/usr/sbin/ntpd" name="/run/samba/unexpected" pid=26764 comm="ntpd" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0 [252473.343556] type=1400 audit(1396308940.925:48): apparmor="DENIED" operation="connect" parent=1 profile="/usr/sbin/ntpd" name="/run/samba/unexpected" pid=26764 comm="ntpd" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0 As requested nsswitch.conf: # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat group: compat shadow: compat hosts: files mdns4_minimal [NOTFOUND=return] wins dns mdns4 #hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 #hosts: files dns wins networks: files protocols: db files services: db files ethers: db files rpc:db files netgroup: nis Installed samba packages: libnss-winbind 3.6.18-1ubuntu3.2K-O i386 Samba nameservice integration plugins libpam-smbpass 3.6.18-1ubuntu3.2K-O i386 pluggable authentication module for Samba libwbclient0 3.6.18-1ubuntu3.2 K-O i386 Samba winbind client library samba 3.6.18-1ubuntu3.2 P-T i386 SMB/CIFS file, print, and login server for Unix samba-common 3.6.18-1ubuntu3.2 P-T all common files used by both the Samba server and client samba-common-bin 3.6.18-1ubuntu3.2 P-T i386 common files used by both the Samba server and client samba-doc 3.6.18-1ubuntu3.2 P-T all Samba documentation winbind 3.6.18-1ubuntu3.2 U-Z i386 Samba nameservice integration server ** Changed in: ntp (Ubuntu) Status: Expired => New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1135780 Title: ntp apparmor denied read of /usr/share/samba/upcase.dat To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1135780/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1135780] Re: ntp apparmor denied read of /usr/share/samba/upcase.dat
[Expired for ntp (Ubuntu) because there has been no activity for 60 days.] ** Changed in: ntp (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1135780 Title: ntp apparmor denied read of /usr/share/samba/upcase.dat To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1135780/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1135780] Re: ntp apparmor denied read of /usr/share/samba/upcase.dat
Thank you for taking the time to report this bug and helping to make Ubuntu better. I'm confused as to why ntpd would try to access /usr/share/samba/{up,low}case.dat in the first place. Are you using winbind or something like that? Please could you attach /etc/nsswitch.conf and post the versions of any samba-related packages you have installed? Once done, please change the bug status back to New. ** Changed in: ntp (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1135780 Title: ntp apparmor denied read of /usr/share/samba/upcase.dat To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1135780/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs