Apparmor denial for ntpd on Focal #5795

kushaldas · 2021-02-17T10:24:42Z

Description

ntpd throws grsec denial message.

Steps to Reproduce

Install focal on hardware (I hope the same will show up in vm too)
check /var/log/syslog

Expected Behavior

no grsec error from ntpd

Actual Behavior


Feb 17 03:43:33 app systemd[1]: Starting Network Time Service... Feb 17 03:43:33 app kernel: [  202.428911] audit: type=1400 audit(1613533413.416:46): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/snap/bin/" pid=3303 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Feb 17 03:43:33 app ntpd[3303]: ntpd [email protected] (1): Starting Feb 17 03:43:33 app ntpd[3303]: Command line: /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 112:117 Feb 17 03:43:33 app ntpd[3306]: proto: precision = 0.175 usec (-22)
--

Comments

Suggestions to fix, any other relevant information.

The text was updated successfully, but these errors were encountered:

conorsch · 2021-02-17T23:29:35Z

At standup today, @rmol mentioned he'd seen this one, too. Since we're adding ntp to Focal, conceivable we can just stop doing that, and let systemd-timesyncd do its thing.

kushaldas added the needs/reproducing label Feb 17, 2021

kushaldas changed the title ~~grsec denial for ntpd~~ Apparmor denial for ntpd on Focal Feb 17, 2021

eloquence added release blocker and removed needs/reproducing labels Feb 17, 2021

conorsch assigned rmol Feb 17, 2021

rmol mentioned this issue Feb 19, 2021

Remove ntp and ntpdate dependencies #5806

Merged

6 tasks

kushaldas closed this as completed in #5806 Feb 24, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Apparmor denial for ntpd on Focal #5795

Apparmor denial for ntpd on Focal #5795

kushaldas commented Feb 17, 2021

conorsch commented Feb 17, 2021