apparmor logs - pve9

spleenftw

Hello,

I upgraded my Proxmox node from 8.4.x to 9.0.x yesterday, and I have been getting these logs since:
Aug 08 09:20:59 pivoine kernel: audit: type=1400 audit(1754637659.671:3514): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="/usr/sbin/ntpd" pid=2297 comm="ntpd" family="unix" sock_type="dgram" protocol=0 requested="create" denied="create" addr=none

My question is: is it linked to the major update, or am I having issues? (I am running local NTP relays and my Proxmox is configured to "ask" them for the time.)
 
It sounds like ntpd is running restricted by AppArmor, and tries to do things which are not allowed by the corresponding profile. Is it working fine for your use case?
 
I mean, time is getting synchronized between my Proxmox (client) and my NTP server, so I guess yes.
But I'm still getting spammed with this error log.
 
You have a few options:
- reconfigure ntpd to no longer do what it does - AFAICT it tries to create a unix socket for something
- adapt the profile to allow what ntpd does (if you understand enough about its internals to know whether that is okay)
- let ntpd run without apparmor constraints (reducing its sandboxing and lowering overall security of your system)
 
I upgraded to Virtual Environment 9.0.10 and see the log filled with entries:
2025-10-15T15:30:06.455426+02:00 vwsrv2 kernel: audit: type=1400 audit(1760535006.453:2729): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="/usr/sbin/ntpd" pid=848061 comm="ntpd" family="unix" sock_type="dgram" protocol=0 requested="create" denied="create" addr=none

The document "Upgrade from 8 to 9" only speaks about chrony, so I wonder why ntpd is installed instead.
Before, I upgraded from VE 7 to VE 8 and chrony was kept.

So what do I have to do to get rid of this problem? I am not familiar with AppArmor and ntpd config files.

Dieter
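
A triage helper for the denial lines quoted in this thread, added here as an example (it is not part of any post and not Proxmox or AppArmor code): it parses the key=value audit fields regardless of the syslog timestamp style and collapses repeats into one row per refused action. The names `parse_denial` and `summarize` are assumptions of this example, and the third sample line is constructed.

```python
import re
from collections import defaultdict

# The two kernel lines quoted in the thread, plus one constructed non-audit line.
SAMPLE = [
    'Aug 08 09:20:59 pivoine kernel: audit: type=1400 audit(1754637659.671:3514): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="/usr/sbin/ntpd" pid=2297 comm="ntpd" family="unix" sock_type="dgram" protocol=0 requested="create" denied="create" addr=none',
    '2025-10-15T15:30:06.455426+02:00 vwsrv2 kernel: audit: type=1400 audit(1760535006.453:2729): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="/usr/sbin/ntpd" pid=848061 comm="ntpd" family="unix" sock_type="dgram" protocol=0 requested="create" denied="create" addr=none',
    'Aug 08 09:21:00 pivoine systemd[1]: Started example.service',  # constructed
]

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')      # key="quoted value" or key=bare
STAMP = re.compile(r'audit\((\d+)\.\d+:(\d+)\)')   # audit(epoch.millis:serial)

def parse_denial(line):
    """Return the fields of an AppArmor DENIED audit record, or None for any other line."""
    stamp = STAMP.search(line)
    if not stamp or 'apparmor="DENIED"' not in line:
        return None
    # Only parse after the audit stamp, so the syslog prefix format does not matter.
    fields = {key: quoted or bare for key, quoted, bare in KV.findall(line[stamp.end():])}
    fields["epoch"] = int(stamp.group(1))
    fields["serial"] = int(stamp.group(2))
    return fields

def summarize(lines):
    """Group denials by what was refused, so repeated log spam collapses to one row."""
    groups = defaultdict(lambda: {"count": 0, "pids": set(), "first": None, "last": None})
    for line in lines:
        d = parse_denial(line)
        if d is None:
            continue
        key = (d.get("profile"), d.get("operation"), d.get("family"),
               d.get("sock_type"), d.get("denied"))
        g = groups[key]
        g["count"] += 1
        g["pids"].add(d.get("pid"))
        g["first"] = d["epoch"] if g["first"] is None else min(g["first"], d["epoch"])
        g["last"] = d["epoch"] if g["last"] is None else max(g["last"], d["epoch"])
    return dict(groups)

if __name__ == "__main__":
    for key, g in summarize(SAMPLE).items():
        print(g["count"], *key, sorted(g["pids"]), g["first"], g["last"])
```

On a live node the same functions can be fed the kernel log line by line instead of `SAMPLE`; a single row in the output means every entry is the same refused action from the same profile.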