Your message dated Sat, 19 Sep 2020 10:02:08 +0000
with message-id <[email protected]>
and subject line Bug#970421: fixed in chrony 3.4-4+deb10u1
has caused the Debian Bug report #970421,
regarding apparmor limit blocks temperature reading
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
970421: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970421
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: chrony
Version: 3.4-4

Current apparmor profile for chrony lists
@{sys}/class/hwmon/hwmon[0-9]*/temp[0-9]*_input r,

which is great (and even how I have mine configured -
tempcomp /sys/class/hwmon/hwmon0/temp1_input 1 0 0 0 0) but it doesn't actually 
work. It results in lots of log lines like

Sep 15 23:06:37 gw.as397444.net audit[24397]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/chronyd" name="/sys/devices/virtual/thermal/thermal_zone0/hwmon0/temp1_input" pid=24397 comm="chronyd" requested_mask="r" denied_mask="r" fsuid=112 ouid=0
Sep 15 23:06:37 gw.as397444.net chronyd[24397]: Could not read temperature from 
/sys/class/hwmon/hwmon0/temp1_input
Sep 15 23:06:37 gw.as397444.net kernel: audit: type=1400 audit(1600225597.313:127): apparmor="DENIED" operation="open" profile="/usr/sbin/chronyd" name="/sys/devices/virtual/thermal/thermal_zone0/hwmon0/temp1_input" pid=24397 comm="chronyd" requested_mask="r" denied_mask="r" fsuid=112 ouid=0

Looks like somehow apparmor is resolving the file to a different path, 
checking, and then failing it.

An extra line like the following fixes it:
@{sys}/devices/virtual/thermal/thermal_zone[0-9]*/hwmon[0-9]*/temp[0-9]*_input 
r,

Matt

--- End Message ---
--- Begin Message ---
Source: chrony
Source-Version: 3.4-4+deb10u1
Done: Vincent Blut <[email protected]>

We believe that the bug you reported is fixed in the latest version of
chrony, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vincent Blut <[email protected]> (supplier of updated chrony package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 16 Sep 2020 13:44:04 +0200
Source: chrony
Architecture: source
Version: 3.4-4+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Vincent Blut <[email protected]>
Changed-By: Vincent Blut <[email protected]>
Closes: 970421
Changes:
 chrony (3.4-4+deb10u1) buster; urgency=medium
 .
   * debian/patches/:
     - Add create-new-file-when-writing-pidfile.patch to prevent symlink race
     when writing to PID file (CVE-2020-14367).
 .
   * debian/tests/:
     - Fix a regression when running upstream-simulation-test-suite autopkgtest
     on Buster.
 .
   [ Matt Corallo ]
   * debian/usr.sbin.chronyd:
     - Fix temperature reading. (Closes: #970421)
Checksums-Sha1:
 7be9134875e45be933907514979704abf90629f6 2306 chrony_3.4-4+deb10u1.dsc
 ca2c8cf1f3adb0d7e6d787439f58a6935d4eeafd 34116 
chrony_3.4-4+deb10u1.debian.tar.xz
Checksums-Sha256:
 b6a1cdccb4d8762d4f9c5c3edc00ae44d71e3e42a6f1ea4c549c3e9eed6f58f6 2306 
chrony_3.4-4+deb10u1.dsc
 a0bb648be742c68d026bf9b1161d8dcc477594dfd700a90d203ed547d144c8e2 34116 
chrony_3.4-4+deb10u1.debian.tar.xz
Files:
 71ac7a300270a45529c229935204ec82 2306 net optional chrony_3.4-4+deb10u1.dsc
 522de88df03e6a049df4a4d2dd1a660f 34116 net optional 
chrony_3.4-4+deb10u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEWLZtSHNr6TsFLeZynFyZ6wW9dQoFAl9jvkkACgkQnFyZ6wW9
dQoL4gf/aewfrZff9iV63iEjtzR7pXlEJQXQ7NgHuPkOgnhM5WqQ47NETr8O0WsW
bJekz8jjLLMxikUO6a/Sk77AtkwfJeo8aRKQPUhBBDm4jBVdkxc3NIJcR6gzIxSt
9HvJlf7fURiyfh+6yRcsfxxhqJ9+M1H5z5zcKq9A/dUk4PvyWgC2OW98RdxJnvFk
opV46ES7Pm82ECuYX1nHUsdiK/6wLwAzf7Az1NE7iQnmfMeWxNY4jSofW29CV62A
bsDrlm2NChMrOSgYzZHqXJatNP5iJWphlp3KFPoHf9nBG3BMBhwcZmqUfawrwCmD
4v/RWhGzMQ/2c4MNd8wciXGaQZnCQA==
=NPOK
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to