Bug#1034519: marked as done (chrony: AppArmor profile denies creation of chrony.ppsX.sock)

Tue, 09 May 2023 13:27:20 -0700 

Your message dated Tue, 09 May 2023 20:23:15 +0000
with message-id <[email protected]>
and subject line Bug#1034519: fixed in chrony 4.3-2+deb12u1
has caused the Debian Bug report #1034519,
regarding chrony: AppArmor profile denies creation of chrony.ppsX.sock
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1034519: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034519
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: chrony
Version: 4.3
Severity: normal
X-Debbugs-Cc: [email protected]

Dear Maintainer,

gpsd and chronyd can communicate via domain sockets such as 
/var/run/chrony.ttyS0.sock. chronyd creates the sockets and gpsd connects to 
them.

However, the AppArmor profile for chronyd is too strict; it only allows the 
creation of sockets for tty devices, and not pps devices.

    @{run}/chrony.tty{,*}.sock rw,

The corresponding rules on the gpsd profile are:

    /{,var/}run/chrony.tty{,S,USB,AMA}[0-9]*.sock rw,
    /tmp/chrony.tty{,S,USB,AMA}[0-9]*.sock rw,

Could these be relaxed to allow /var/run/chrony.*.sock?


Ryan

-- System Information:
Debian Release: 11.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: armhf (armv7l)

Kernel: Linux 5.15.49-linuxkit (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_RANDSTRUCT
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages chrony depends on:
ii  adduser              3.118
ii  init-system-helpers  1.60
pn  iproute2             <none>
ii  libc6                2.31-13+deb11u3
pn  libcap2              <none>
pn  libedit2             <none>
ii  libgnutls30          3.7.1-5
ii  libnettle8           3.7.3-1
ii  libseccomp2          2.5.1-1+deb11u1
ii  tzdata               2021a-1+deb11u3
pn  ucf                  <none>

chrony recommends no packages.

Versions of packages chrony suggests:
pn  dnsutils             <none>
pn  networkd-dispatcher  <none>

--- End Message ---
--- Begin Message --- 
Source: chrony
Source-Version: 4.3-2+deb12u1
Done: Vincent Blut <[email protected]>

We believe that the bug you reported is fixed in the latest version of
chrony, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vincent Blut <[email protected]> (supplier of updated chrony package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 08 May 2023 22:05:00 +0200
Source: chrony
Architecture: source
Version: 4.3-2+deb12u1
Distribution: unstable
Urgency: medium
Maintainer: Vincent Blut <[email protected]>
Changed-By: Vincent Blut <[email protected]>
Closes: 1034519
Changes:
 chrony (4.3-2+deb12u1) unstable; urgency=medium
 .
   * debian/usr.sbin.chronyd:
     - Modify the AppArmor profile to allow more gpsd socket names. This will
     avoid the need for users to override the profile to let chronyd consume PPS
     samples or serial time supplied by gpsd over a Unix-domain socket.
     Thanks to Ryan Govostes for the report. (Closes: #1034519)
Checksums-Sha1:
 d778deb85b36beff698c815c5d75b628f2469ebb 2377 chrony_4.3-2+deb12u1.dsc
 44850b442d6556713dcfbaed6a3bc4e670daffee 40532 
chrony_4.3-2+deb12u1.debian.tar.xz
Checksums-Sha256:
 f8d31c5b2f2f8c82f30e805eebdf9a79796e1f2bfeb96b620c6d08a61e8ec5a3 2377 
chrony_4.3-2+deb12u1.dsc
 ea3bd27e1d5f784303c10626131ca07f70b05ace9a018fddc8bcce2bdbd3f455 40532 
chrony_4.3-2+deb12u1.debian.tar.xz
Files:
 62b7b162b409c961b349654654200752 2377 net optional chrony_4.3-2+deb12u1.dsc
 9bb35b879a881b5a62f105cfa5471f11 40532 net optional 
chrony_4.3-2+deb12u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEWLZtSHNr6TsFLeZynFyZ6wW9dQoFAmRapJoACgkQnFyZ6wW9
dQrv5wf+JsCoxYe1Ay05J6SMr8wlerbljJMPXxSqvr4xlh3Crxgfm7vkQNK+ADSu
/AdwFGa0b60r7L67S7avwwrGpk66qS1Zn7w4BoxEuOszZkHCMnnNd1IVm1j97yeI
RufK1oXNh62mTNLx91PpY6+nIAt1SMTwesBEKxHH7s6P8tJE/uErhEFJzPz2gvM7
bykOsdr3s1k1rSnYToAFx8kPmsTDZzliGs+gfmbwxl89vRwRGI5svPMN0B/a9Y9o
u0A9cKk6fCm7haeMuTJ8FYbJmDtiNmCfSCOsEPjrGKwRGso3XO2JFaiCMaiTxK9g
dd5O25Uc8rZ83er5dgcUskfx4j4cvQ==
=PeND
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to