Commit 19d3bac1 authored by Kurt Roeckx's avatar Kurt Roeckx

Apparmor updates

parent 3d9223b7
......@@ -110,3 +110,12 @@ ntp-genkeys now generates an MD5 ntp.keys file in /var/lib/ntp. Use
of these keys has not yet been tested; please report success or
failure in using them to the maintainer.
Apparmor Profile
----------------
If your system uses AppArmor, please note that the shipped enforcing profile
works with the default installation, and changes in your configuration may
require changes to the installed apparmor profile. Please see
https://wiki.ubuntu.com/DebuggingApparmor before filing a bug against this
software.
......@@ -27,14 +27,15 @@
capability sys_time,
capability sys_nice,
network inet dgram,
network inet6 dgram,
network inet stream,
network inet6 stream,
# ntp uses AF_INET, AF_INET6 and AF_UNSPEC
network dgram,
network stream,
@{PROC}/net/if_inet6 r,
@{PROC}/*/net/if_inet6 r,
@{NTPD_DEVICE} rw,
# pps devices are almost exclusively used with NTP
/dev/pps[0-9]* rw,
/{,s}bin/ r,
/usr/{,s}bin/ r,
......
# vim:syntax=apparmor
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
# Copyright (C) 2011 Canonical, Ltd.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#Add your ntpd devices here eg. if you have a DCF clock
# @{NTPD_DEVICE}="/dev/ttyS1"
@{NTPD_DEVICE}="/dev/null"
ntp (1:4.2.8p7+dfsg-3) unstable; urgency=medium
[ Hideki Yamane ]
* Properly enable Apparmor profile from Ubuntu (Closes: #823024)
Patch from Hideki Yamane <henrich@debian.or.jp>
* Update replace/breaks versions of apparmor-profiles-extra
(Closes: #805183)
-- Kurt Roeckx <kurt@roeckx.be> Sat, 30 Apr 2016 12:14:14 +0200
ntp (1:4.2.8p7+dfsg-2) unstable; urgency=medium
* Only build-depend on pps-tools on Linux
......
......@@ -16,8 +16,8 @@ Depends: adduser, lsb-base (>= 3.2-13), netbase, ${misc:Depends}, ${shlibs:Depen
Pre-Depends: dpkg (>= 1.15.7.2)
Recommends: ${perl:Depends}
Suggests: ntp-doc
Breaks: dhcp3-client (<< 4.1.0-1), apparmor-profiles-extra (<= 1.6)
Replaces: apparmor-profiles-extra (<= 1.6)
Breaks: dhcp3-client (<< 4.1.0-1), apparmor-profiles-extra (<= 1.7)
Replaces: apparmor-profiles-extra (<= 1.7)
Description: Network Time Protocol daemon and utility programs
NTP, the Network Time Protocol, is used to keep computer clocks
accurate by synchronizing them over the Internet or a local network,
......
......@@ -70,7 +70,10 @@ install: build-stamp
install -D -m 0644 debian/ntp.conf debian/ntp/etc/ntp.conf
install -D -m 0644 debian/ntpd.apparmor debian/ntp/etc/apparmor.d/usr.sbin.ntpd
# install apparmor profile
install -D -m 0644 debian/apparmor-profile debian/ntp/etc/apparmor.d/usr.sbin.ntpd
install -D -m 0644 debian/apparmor-profile.tunable debian/ntp/etc/apparmor.d/tunables/ntpd
dh_link -pntp etc/apparmor.d/usr.sbin.ntpd etc/apparmor/init/network-interface-security/usr.sbin.ntpd
# remove upstream man pages, which are currently not as nice as ours / ntpsnmpd we don't want
rm $(addprefix debian/tmp/usr/share/man/man1/,ntpd.1 ntpdc.1 ntp-keygen.1 ntpq.1)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment