Package: chrony
Version: 3.2-4
Severity: normal

Hi,
I happened to find in [1] that we need to add w to some apparmor rules for local PPS devices.
TL;DR I enabled all devices as they are in man chrony.conf and got Denies like:
[ 5756.216096] audit: type=1400 audit(1519379582.153:21): apparmor="DENIED" operation="open" profile="/usr/sbin/chronyd" name="/dev/rtc0" pid=4216 comm="chronyd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0

I'd suggest the following for now:

---
--- chrony-3.2/debian/changelog 2018-02-20 18:27:10.000000000 +0100 +++ chrony-3.2/debian/changelog 2018-02-23 12:14:57.000000000 +0100 @@ -1,3 +1,10 @@ +chrony (3.2-5) unstable; urgency=medium + + * debian/usr.sbin.chronyd: allow write access to rtc, pps and ptp devices + as that is how chrony initializes them (LP: #1751241) + + -- Christian Ehrhardt <christian.ehrha...@canonical.com> Fri, 23 Feb 2018 12:13:57 +0100 + chrony (3.2-4) unstable; urgency=medium * debian/changelog: diff -Nru chrony-3.2/debian/usr.sbin.chronyd chrony-3.2/debian/usr.sbin.chronyd --- chrony-3.2/debian/usr.sbin.chronyd 2018-02-08 19:20:27.000000000 +0100 +++ chrony-3.2/debian/usr.sbin.chronyd 2018-02-23 12:13:48.000000000 +0100 @@ -32,11 +32,11 @@ # rtc /etc/adjtime r, - /dev/rtc{,[0-9]*} r, + /dev/rtc{,[0-9]*} rw, # gps devices - /dev/pps[0-9]* r, - /dev/ptp[0-9]* r, + /dev/pps[0-9]* rw, + /dev/ptp[0-9]* rw, # For use with clocks that report via shared memory (e.g. gpsd), # you may need to give ntpd access to all of shared memory, though
---

[1]: https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1751241

--
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd
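Review bot: In the debian/usr.sbin.chronyd hunk, the rtc, pps and ptp rules change from r to rw with no comment in the profile itself explaining why; the only rationale is in the changelog entry ("as that is how chrony initializes them"). Suggest a one-line comment above the "# rtc" and "# gps devices" rules stating that chronyd opens these devices for writing, so a later reader of the profile does not tighten them back to r. Also, the denial quoted in the report covers only /dev/rtc0 with requested_mask="w"; attaching the matching denials for /dev/pps[0-9]* and /dev/ptp[0-9]* would show that the added write permission on those two globs is needed as well and is not broader than what chronyd actually requests.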