Apparmor denies access to /var/lib/openntpd/db/ntpd.drift

[msi1]

audit: type=1400 audit(1580378188.850:39): apparmor="DENIED" operation="truncate" profile="/usr/sbin/ntpd" name="/var/lib/openntpd/db/ntpd.drift" pid=251684 comm="ntpd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0

root@pve01:/etc/apparmor.d# grep drift /etc/apparmor.d/usr.sbin.ntpd
/etc/ntp.drift rwl,
/etc/ntp.drift.TEMP rwl,
/etc/ntp/drift* rwl,
/var/lib/ntp/*drift rw,
/var/lib/ntp/*drift.TEMP rw,

 

[wbumiller]

Looks like a bug in the openntpd package of debian. The profile doesn't seem to list the files it wants to access.
This apparently has happened before [1].

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799084;msg=5

 

[msi1]

Is it enough that it is the same package name in the bug report ?

This is the attached diff:
--- usr.sbin.ntpd 2014-10-19 03:36:28.000000000 -0500
+++ /tmp/usr.sbin.ntpd 2015-09-15 12:51:07.502640134 -0500
@@ -45,6 +45,7 @@
/etc/ntpd.conf r,
/etc/ntpd.conf.tmp r,
/var/lib/ntp/ntp.conf.dhcp r,
+ /etc/openntpd/ntpd.conf r,

/etc/ntp.keys r,
/etc/ntp/** r,

I mean... reallly ?

 

[sigmarb]

For the record, as it is present again in Debian12/Proxmox 8, i just created another bug:
https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=ntpsec

2023-12-22T10:46:28.551247+01:00 srv42 kernel: [1569581.071493] audit: type=1400 audit(1703238388.546:160): apparmor="DENIED" operation="mknod" class="file" profile="/usr/sbin/ntpd" name="/var/lib/ntp/drift-tmp" pid=782130 comm="ntpd" requested_mask="c" denied_mask="c" fsuid=115 ouid=115