Added a SRU Template and an MP [1] for the SRU changes.
[1]:
https://code.launchpad.net/~paelzer/ubuntu/+source/chrony/+git/chrony/+merge/346740
** Description changed:
+ [Impact]
+
+ * Configurations that are not the default, but suggeste din the man page
+ hit apparmor denies. Super uncommon configurations are fine, then we'd
+ say please adapt this apparmor conffile, but those suggeste din the man
+ page should work.
+
+ * Fixed by backporting the apparmor rules we just brought to Debian and
+ Cosmic allowing those paths to be accessed
+
+ [Test Case]
+
+ * Use the features and start chrony, here two example for the issues
+ Edit /etc/chrony/chrony.conf and add
+ refclock SOCK /var/run/chrony.ttyS0.sock
+ tempcomp /sys/class/hwmon/hwmon0/temp2_input 30 /etc/chrony.tempcomp
+ systemctl restart chrony
+ * With the fixes there will be no denies anymore for these config entries
+ which are the default suggestions from the man page
+ * The thirs subcase with smb signing is ridiculously harder to test, but
+ I think the issue is clear enough that we can test the other two and
+ feel confident.
+
+ [Regression Potential]
+
+ * Two things come to mind:
+ - one is if we added a mistake to the apprmor rule then it won't load
+ correctly anymore
+ - any of the now allowed paths represent a security issue for somebody
+ out there and we missed that in our consideration
+ I must say both are highly unlikely, but since this section is about
+ thinking the impossible to describe what "could" happen, here you go.
+
+ [Other Info]
+
+ * n/a
+
+ ---
+
When using chrony with gpsd for very accurate time, chrony wants to
create a file called /var/run chrony.ttyXX.sock which gpsd will use when
it starts. The current apparmor rules for chrony prevent that file from
being created. I was able to fix this by manually adding this:
- /{,var/}run/chrony.tty{,*}.sock rw,
+ /{,var/}run/chrony.tty{,*}.sock rw,
Please check that for sanity and update the apparmor rules as needed.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1771028
Title:
Apparmor profile for chronyd needs to allow creation of
/var/run/chrony.tty*.sock
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1771028/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
