Overview

File apparmor-2.5.1-ntpd-proc-fixes of Package apparmor.import4985

From: Jeff Mahoney <jeffm@suse.com>
Subject: apparmor: Fix incorrect /proc/*/sys usage in usr.sbin.ntpd
References: bnc#634801

 /proc/sys/kernel exists, but /proc/*/sys/kernel doesn't. This patch
 fixes the profile.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
 profiles/apparmor.d/usr.sbin.ntpd |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/profiles/apparmor.d/usr.sbin.ntpd
+++ b/profiles/apparmor.d/usr.sbin.ntpd
@@ -59,11 +59,11 @@
   /var/run/ntpd.pid w,
   /var/tmp/ntp* rwl,
   @{PROC}/*/net/if_inet6 r,
-  @{PROC}/*/sys/kernel/ngroups_max r,
+  @{PROC}/sys/kernel/ngroups_max r,
 
   # allow access for when chrooted
   /var/lib/ntp/@{PROC}/*/net/if_inet6 r,
-  /var/lib/ntp/@{PROC}/*/sys/kernel/ngroups_max r,
+  /var/lib/ntp/@{PROC}/sys/kernel/ngroups_max r,
  
   @{NTPD_DEVICE} rw,
 }
openSUSE Build Service is sponsored by
Places