apparmor/apparmor-2.5.1-ntpd-proc-fixes

From: Jeff Mahoney <jeffm@suse.com>
Subject: apparmor: Fix incorrect /proc/*/sys usage in usr.sbin.ntpd
References: bnc#634801

 /proc/sys/kernel exists, but /proc/*/sys/kernel doesn't. This patch
 fixes the profile.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
 profiles/apparmor.d/usr.sbin.ntpd |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/profiles/apparmor.d/usr.sbin.ntpd
+++ b/profiles/apparmor.d/usr.sbin.ntpd
@@ -59,11 +59,11 @@
   /var/run/ntpd.pid w,
   /var/tmp/ntp* rwl,
   @{PROC}/*/net/if_inet6 r,
-  @{PROC}/*/sys/kernel/ngroups_max r,
+  @{PROC}/sys/kernel/ngroups_max r,
 
   # allow access for when chrooted
   /var/lib/ntp/@{PROC}/*/net/if_inet6 r,
-  /var/lib/ntp/@{PROC}/*/sys/kernel/ngroups_max r,
+  /var/lib/ntp/@{PROC}/sys/kernel/ngroups_max r,
  
   @{NTPD_DEVICE} rw,
 }
Accepting request 57745 from security:apparmor:factory Accepted submit request 57745 from user jeff_mahoney OBS-URL: https://build.opensuse.org/request/show/57745 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=1 2011-01-17 17:43:05 +01:00			`From: Jeff Mahoney <jeffm@suse.com>`
			`Subject: apparmor: Fix incorrect /proc/*/sys usage in usr.sbin.ntpd`
			`References: bnc#634801`

			`/proc/sys/kernel exists, but /proc/*/sys/kernel doesn't. This patch`
			`fixes the profile.`

			`Signed-off-by: Jeff Mahoney <jeffm@suse.com>`
			`---`
			`profiles/apparmor.d/usr.sbin.ntpd \| 4 ++--`
			`1 file changed, 2 insertions(+), 2 deletions(-)`

			`--- a/profiles/apparmor.d/usr.sbin.ntpd`
			`+++ b/profiles/apparmor.d/usr.sbin.ntpd`
			`@@ -59,11 +59,11 @@`
			`/var/run/ntpd.pid w,`
			`/var/tmp/ntp* rwl,`
			`@{PROC}/*/net/if_inet6 r,`
			`- @{PROC}/*/sys/kernel/ngroups_max r,`
			`+ @{PROC}/sys/kernel/ngroups_max r,`

			`# allow access for when chrooted`
			`/var/lib/ntp/@{PROC}/*/net/if_inet6 r,`
			`- /var/lib/ntp/@{PROC}/*/sys/kernel/ngroups_max r,`
			`+ /var/lib/ntp/@{PROC}/sys/kernel/ngroups_max r,`

			`@{NTPD_DEVICE} rw,`
			`}`