Public bug reported:

Many repetitions of

audit: type=1400 audit(1585517168.705:63): apparmor="DENIED"
operation="open" profile="/usr/sbin/chronyd" name="/etc/mdns.allow"
pid=1983815 comm="chronyd" requested_mask="r" denied_mask="r" fsuid=123
ouid=0

in the log.  I use libnss-mdns for .local name resolution, so
/etc/nsswitch.conf contains

hosts:          files mdns [NOTFOUND=return] myhostname dns

and /etc/mdns.allow contains the domains to resolve with mDNS (in my
case, "local." and "local"; see /usr/share/doc/libnss-mdns/README.html.)

Presumably chronyd calls a gethostbyX() somewhere, thus eventually
trickling down through the name service switch and opening
/etc/mdns.allow, which the AppArmor profile in the chrony package does
not allow.

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: chrony 3.5-6ubuntu1
ProcVersionSignature: Ubuntu 5.4.0-18.22-generic 5.4.24
Uname: Linux 5.4.0-18-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu21
Architecture: amd64
Date: Sun Mar 29 15:02:39 2020
InstallationDate: Installed on 2020-03-26 (3 days ago)
InstallationMedia: Xubuntu 20.04 LTS "Focal Fossa" - Alpha amd64 (20200326)
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: chrony
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: chrony (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug focal

** Summary changed:

- AppArmor denied accss to /etc/mdns.allow to cronyd 
+ AppArmor denied access to /etc/mdns.allow to cronyd

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1869629

Title:
  AppArmor denied access to /etc/mdns.allow to cronyd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1869629/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
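
Added example (not part of the original report, and not chrony or AppArmor project code): a triage script that collapses repeated AppArmor DENIED records like the one quoted above into one candidate profile rule per profile and path. The sample log is constructed from the reported line; the function names are hypothetical, and treating only plain r/w masks as rule-ready is a simplification of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the denial quoted in the report, unwrapped onto one line,
# a repeat with a made-up timestamp/serial, and a non-denial line to ignore.
DENIAL = ('audit: type=1400 audit({}): apparmor="DENIED" operation="open" '
          'profile="/usr/sbin/chronyd" name="/etc/mdns.allow" pid=1983815 '
          'comm="chronyd" requested_mask="r" denied_mask="r" fsuid=123 ouid=0')
SAMPLE_LOG = "\n".join([
    DENIAL.format("1585517168.705:63"),
    DENIAL.format("1585517200.000:64"),
    'audit: type=1400 audit(1585517100.000:60): apparmor="STATUS" '
    'operation="profile_load" name="/usr/sbin/chronyd" pid=900',
])

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    fields = {}
    for key, quoted, bare in (m.groups() for m in FIELD.finditer(line)):
        if quoted is None and key in ("name", "profile"):
            try:  # audit hex-encodes values containing spaces or odd bytes
                bare = bytes.fromhex(bare).decode("utf-8", "replace")
            except ValueError:
                pass
        fields[key] = bare if quoted is None else quoted
    if fields.get("apparmor") != "DENIED" or "name" not in fields:
        return None
    return fields

def summarize(log_text):
    """Map (profile, path) -> [count, set of denied permission letters]."""
    seen = defaultdict(lambda: [0, set()])
    for line in log_text.splitlines():
        d = parse_denial(line)
        if d:
            entry = seen[(d.get("profile", "?"), d["name"])]
            entry[0] += 1
            entry[1] |= set(d.get("denied_mask", ""))
    return dict(seen)

def candidate_rule(path, perms):
    """Profile rule text for plain r/w file denials; None means review by hand."""
    if not perms or not perms <= set("rw"):
        return None
    quoted = f'"{path}"' if re.search(r"\s", path) else path
    return f"{quoted} {''.join(sorted(perms))},"

if __name__ == "__main__":
    for (profile, path), (count, perms) in summarize(SAMPLE_LOG).items():
        print(f"{profile}: {count} denial(s) -> {candidate_rule(path, perms)}")
```

The output is a candidate only; whether the confined daemon should be granted the access is a decision for whoever maintains the profile.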
