[Bug 1751241] Re: enabling RTC support is blocked by apparmor
** Changed in: chrony (Debian) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1751241 Title: enabling RTC support is blocked by apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1751241/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1751241] Re: enabling RTC support is blocked by apparmor
This bug was fixed in the package chrony - 3.2-4ubuntu1 --- chrony (3.2-4ubuntu1) bionic; urgency=medium * Merge with Debian unstable. Remaining changes: - d/control: switch to nss instead of tomcrypt (nss is in main) - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664) * Dropped changes (in Debian) - d/chrony.default, d/chrony.service: support /etc/default/chrony DAEMON_OPTS in systemd environment (LP: 1746081) - d/chrony.service: properly start after networking (LP: 1746458) - d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: 1746444) * Added Changes: - debian/usr.sbin.chronyd: ensure RTC/GPS usage isn't blocked by apparmor (LP: #1751241, Closes: #891201) -- Christian Ehrhardt Mon, 26 Feb 2018 14:44:54 +0100 ** Changed in: chrony (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1751241 Title: enabling RTC support is blocked by apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1751241/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1751241] Re: enabling RTC support is blocked by apparmor
** Changed in: chrony (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1751241 Title: enabling RTC support is blocked by apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1751241/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1751241] Re: enabling RTC support is blocked by apparmor
** Changed in: chrony (Debian) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1751241 Title: enabling RTC support is blocked by apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1751241/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1751241] Re: enabling RTC support is blocked by apparmor
Yes, it makes sense for them. I see now there is an '-s' option for the system clock, so write access for rtc makes a lot of sense. Based on your comments on the other two, +1. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1751241 Title: enabling RTC support is blocked by apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1751241/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1751241] Re: enabling RTC support is blocked by apparmor
** Changed in: chrony (Debian) Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1751241 Title: enabling RTC support is blocked by apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1751241/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1751241] Re: enabling RTC support is blocked by apparmor
Reported to Debian, with some luck I'll have on Monday jdstrand and Debian responses and can integrate a fix. ** Bug watch added: Debian Bug tracker #891201 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891201 ** Also affects: chrony (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891201 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1751241 Title: enabling RTC support is blocked by apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1751241/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1751241] Re: enabling RTC support is blocked by apparmor
Adding jdstrand to comment here if my assumption that w on these entries is fine. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1751241 Title: enabling RTC support is blocked by apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1751241/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1751241] Re: enabling RTC support is blocked by apparmor
Adding w would be
/dev/rtc{,[0-9]*} rw,
/dev/pps[0-9]* rw,
/dev/ptp[0-9]* rw,
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1751241
Title:
enabling RTC support is blocked by apparmor
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1751241/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1751241] Re: enabling RTC support is blocked by apparmor
The same applied to: /dev/pps* /dev/ptp* There are actually rules for this, and the problem is that they are read only but chrony needs write as well. Maybe to some r-only would be ok, but until that is fixed in code (takes time) allow on these devices. They are not terribly security critical in regard to write access fortunately. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1751241 Title: enabling RTC support is blocked by apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1751241/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
