Mark, the ntp profile in Ubuntu supports the NTPD_DEVICE tunable and
after reading https://www.kernel.org/doc/Documentation/pps/pps.txt it
seems like this would be the appropriate place to put this. E.g.:

  $ cat /etc/apparmor.d/tunables/ntpd
  ...
  #Add your ntpd devices here eg. if you have a DCF clock
  # @{NTPD_DEVICE}="/dev/ttyS1"
  @{NTPD_DEVICE}="/dev/null"

Adjust that to be:

  @{NTPD_DEVICE}="/dev/pps[0-9]*"

Then do:

  sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.ntpd

The above expands to the equivalent line you proposed in the
description.
Would this suit your needs?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1564832

Title:
  Apparmor profile for NTPd needs to allow read/write access to
  /dev/ppsX

Status in ntp package in Ubuntu:
  Triaged

Bug description:
  Am trying to get NTP to work with the kernel PPS subsystem, for
  high-accuracy GPS-based clocks. On startup of NTPd I see this:

    Apr 1 11:18:58 doorway kernel: [ 300.387443] audit: type=1400
    audit(1459505938.042:9): apparmor="DENIED" operation="open"
    profile="/usr/sbin/ntpd" name="/dev/pps0" pid=1668 comm="ntpd"
    requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0

  Adding this to the usr.sbin.ntpd apparmor profile eliminated the
  error:

    /dev/pps[0-9]* rw,

  I'm not sure why ntpd needs *write* access to ppsN though, perhaps that can
  be improved.
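
Added example (not part of the original bug report, and not code from the Ubuntu ntp profile): a Python script that parses the denial record quoted in the bug description and checks whether a candidate profile rule would cover it. The function names are hypothetical, the glob translation handles only a subset of AppArmor path globbing (*, **, ?, [...]), and the mask check assumes each denied letter maps directly to a rule permission letter.

```python
import re

# Constructed sample: the denial from the bug description, joined onto one line.
SAMPLE = ('Apr 1 11:18:58 doorway kernel: [ 300.387443] audit: type=1400 '
          'audit(1459505938.042:9): apparmor="DENIED" operation="open" '
          'profile="/usr/sbin/ntpd" name="/dev/pps0" pid=1668 comm="ntpd" '
          'requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0')


def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, or None."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', line)
    fields = {key: value.strip('"') for key, value in pairs}
    return fields if fields.get("apparmor") == "DENIED" else None


def glob_to_regex(glob):
    """Translate a subset of AppArmor path globbing into an anchored regex."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):      # ** crosses directory separators
            out.append(".*")
            i += 2
            continue
        c = glob[i]
        if c == "*":                      # * stops at '/'
            out.append("[^/]*")
        elif c == "?":                    # ? is one character other than '/'
            out.append("[^/]")
        elif c == "[":                    # character class, copied through
            end = glob.index("]", i)
            out.append(glob[i:end + 1])
            i = end
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out) + r"\Z")


def rule_covers(glob, perms, denial):
    """True if the rule '<glob> <perms>,' would permit the denied access."""
    path_ok = glob_to_regex(glob).match(denial["name"]) is not None
    # Assumption: denied_mask letters (here 'w' and 'r') are rule letters.
    return path_ok and set(denial["denied_mask"]) <= set(perms)


if __name__ == "__main__":
    d = parse_denial(SAMPLE)
    for glob, perms in [("/dev/null", "rw"), ("/dev/pps[0-9]*", "r"),
                        ("/dev/pps[0-9]*", "rw")]:
        print(f"{glob} {perms}, -> covers denial: {rule_covers(glob, perms, d)}")
```

On this record, `/dev/pps[0-9]*` with `rw` covers the denial, while the same glob with `r` alone or the default `/dev/null` value does not. Because `*` matches any run of non-`/` characters, the glob also matches names such as `/dev/pps0foo`, not only digit suffixes.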