Package: chrony
Version: 3.2-4
Severity: normal
Hi,
I happened to find in [1] that we need to add w to some apparmor rules
for local PPS devices.
TL;DR I enabled all devices as they are in man chrony.conf and got Denies like:
[ 5756.216096] audit: type=1400 audit(1519379582.153:21):
apparmor="DENIED" operation="open" profile="/usr/sbin/chronyd"
name="/dev/rtc0" pid=4216 comm="chronyd" requested_mask="w"
denied_mask="w" fsuid=0 ouid=0
I'd suggest the following for now:
---
--- chrony-3.2/debian/changelog 2018-02-20 18:27:10.000000000 +0100
+++ chrony-3.2/debian/changelog 2018-02-23 12:14:57.000000000 +0100
@@ -1,3 +1,10 @@
+chrony (3.2-5) unstable; urgency=medium
+
+ * debian/usr.sbin.chronyd: allow write access to rtc, pps and ptp devices
+ as that is how chrony initializes them (LP: #1751241)
+
+ -- Christian Ehrhardt <christian.ehrha...@canonical.com> Fri, 23
Feb 2018 12:13:57 +0100
+
chrony (3.2-4) unstable; urgency=medium
* debian/changelog:
diff -Nru chrony-3.2/debian/usr.sbin.chronyd chrony-3.2/debian/usr.sbin.chronyd
--- chrony-3.2/debian/usr.sbin.chronyd 2018-02-08 19:20:27.000000000 +0100
+++ chrony-3.2/debian/usr.sbin.chronyd 2018-02-23 12:13:48.000000000 +0100
@@ -32,11 +32,11 @@
# rtc
/etc/adjtime r,
- /dev/rtc{,[0-9]*} r,
+ /dev/rtc{,[0-9]*} rw,
# gps devices
- /dev/pps[0-9]* r,
- /dev/ptp[0-9]* r,
+ /dev/pps[0-9]* rw,
+ /dev/ptp[0-9]* rw,
# For use with clocks that report via shared memory (e.g. gpsd),
# you may need to give ntpd access to all of shared memory, though
---
[1]: https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1751241
--
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd
