After a discussion with jjohansen (thanks!) I learned that some of the
procfs access will trigger ptrace rules. Odd, but nice to know ...
After that was clear I was fixing he initial fail. I found a bunch of
further issues hidden behind those but it seems at least in my local
setup the following makes everything work.
1. We need to track disconnected
/usr/sbin/gpsd flags=(attach_disconnected) {
2. And we need those for PPS:
# required for pps initialization
capability dac_read_search,
capability sys_ptrace,
capability sys_time,
/sys/devices/virtual/pps/ r,
# triggerd on some /proc access needed for pps
ptrace read peer=unconfined,
# to submit data to chrony
ptrace read peer=/usr/sbin/chronyd,
# for lubusb
/sys/devices/**/usb[0-9]*/** r,
I'll ask the security team to +1 on those and will try with another
device on Wednesday (waiting for an antenna cable adapter)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872175
Title:
gpsd unable to open chrony PPS socket
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1872175/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
