It almost worked!!! After I disabled the AppArmor, looks like the ntp daemon tries to start the modem, but give me the error: *acts: no modem*. I have the symlink /dev/acts1 to /dev/modem
Here's my debug: ntpd [email protected] Tue Apr 22 01:42:22 UTC 2008 (1) addto_syslog: precision = 1.000 usec addto_syslog: ntp_io: estimated max descriptors: 1024, initial socket boundary: 16 addto_syslog: Listening on interface #0 wildcard, 0.0.0.0#123 Disabled addto_syslog: no IPv6 interfaces found addto_syslog: no IPv6 interfaces found addto_syslog: Listening on interface #1 lo, 127.0.0.1#123 Enabled addto_syslog: Listening on interface #2 eth0, 10.0.0.1#123 Enabled addto_syslog: Listening on interface #3 eth1, 192.168.128.1#123 Enabled local_clock: time 0 offset 0.000000 freq 0.000 state 0 addto_syslog: kernel time sync status 0040 peer_crypto_clear: at 0 next 0 assoc ID 25340 key_expire: at 0 peer_clear: at 0 next 1 assoc ID 25340 refid INIT newpeer: 127.0.0.1->127.127.18.1 mode 3 vers 4 poll 6 10 flags 0x21 0x1 ttl 0 key 00000000 addto_syslog: frequency initialized 0.000 PPM from /var/lib/ntp/drift/ntp.drift ntp_syslogmask = 0x0000ffff (=all) local_clock: time 0 offset 0.000000 freq 0.000 state 1 addto_syslog: system event 'event_restart' (0x01) status 'sync_alarm, sync_unspec, 1 event, event_unspec' (0xc010) report_event: system event 'event_restart' (0x01) status 'sync_alarm, sync_unspec, 1 event, event_unspec' (0xc010) refclock_setup fd 4 modem status: 0x4126 refclock_ioctl: fd 4 flags 0xa4 acts: setup ATB1&C0&D2E0L1M1Q0V1 refclock_transmit: at 1 127.127.18.1 auth_agekeys: at 1 keys 0 expired 0 timer: refresh ts 0 timer: interface update addto_syslog: no IPv6 interfaces found addto_syslog: no IPv6 interfaces found addto_syslog: acts: no modem acts: 4124 (6 3) 7 Q0V1ATH acts: 4124 (6 3) 2 OK refclock_setup fd 4 modem status: 0x4126 refclock_ioctl: fd 4 flags 0xa4 acts: setup ATB1&C0&D2E0L1M1Q0V1 addto_syslog: acts: no modem acts: 4124 (6 3) 7 Q0V1ATH acts: 4124 (6 3) 2 OK On Wed, Jan 7, 2009 at 7:16 PM, Uwe Klein <[email protected]>wrote: > Diego Ramos wrote: > > I'm on Dell PowerEdge 1950, using Linux SLES 10 SP2 > > > > I created /dev/modem (it's a symlink to my real modem serial port: > > /dev/ttyS4) > > do you have AppArmor enabled? > > you may have to allow access for ntpd in the apparmor config menu in Yast2 > > uwe > > > some time ago I had a talk with someone ([email protected]) > at SuSE on this specific topic. > > ############################################################################ > Hi Uwe > > > >>> > So, is it sort of feature request? Like 'Enable editing associated > >>> > AppArmor profile from yast service configuration module' ? E.g. when > you > >>> > edit ntp configuration in yast, you'd like to be able to adjust > AppArmor > >>> > profile for ntpd from yast2-ntp module ... the same e.g. for Apache, > >>> > postfix, or whatever service we have AppArmor profiles for. > >>> > > > > >> > If so, I can file a feature request for you and then leave it up to > the > >> > project management to decide, whether they consider such feature > worth > >> > implementation > >> > >> Good idea, yes, please do! > > > As I promised, I've filed a feature request on integrating AppArmor > profiles > more closely with services configuration. Here is finally some sensible > output from the project management and appropriate developer team lead: > > <copy&paste> > Description: > This feature has been brought about by our openSUSE users. As we ship > and deploy by default restrictive AA profiles for network services such > as apache, ntpd, named and some others, which can be configured from > YaST, it would be nice to make users aware that their configuration > actually interacts with installed AA profile. In ideal case, user could > be offered an option to edit associated AA profile from YaST module for > that service (e.g. from ntp configuration module one could easily get > to AA ntpd profile and edit the rules) > > + Discussion: > + #1: [email protected] (2007-04-12 10:54:07) > + This is a great idea for extending the integration of AppArmor into the > + platform. Adding this functionaliity to yast wizards is a nice idea - > + another possibilty is a UI where services are managed (e.g. runlevel > + editor) you could provide a toggle to select AppApparmor confinement > + (and link to the profiling tools to generate or pull a profile from the > + repository) or to flag an application that has AppArmor REJECTS in the > + audit.log. Currently I don't think there is enough specific detail to > + scope out this as a deliverable for 10.3. I would like to research this > + further with the yast team to refine the idea into something for 10.4 > + /11. > </copy&paste> > > >> The recent versions have introduced a plethora of little things > >> that have a strong live of their own eating up resources and placing > >> "personal mines" ( like _zmd_, apparmor, dbus ) > > > Yeah, turn zmd off Everyone on Czech and German SUSE office does so and we > are definitely not responsible for this piece of crap ^W^W^W eh, zmd stuff. > The best is to mark it as 'taboo' already during the installation, so that > it > is never installed. > Cheers > > B. > -- \\\\\ Katarina Machalkova \\\\\\\__o YaST developer __\\\\\\\'/_ & > hedgehog painter > > _______________________________________________ > questions mailing list > [email protected] > https://lists.ntp.org/mailman/listinfo/questions > _______________________________________________ questions mailing list [email protected] https://lists.ntp.org/mailman/listinfo/questions
