[Bug 2068526] Re: apparmor blocks using more than one timemaster clock with chrony

Mon, 22 Jul 2024 12:30:34 -0700 

Noble verification

# Reproducing the bug

ubuntu@n-ptp:~$ apt-cache policy chrony
chrony:
  Installed: 4.5-1ubuntu4
  Candidate: 4.5-1ubuntu4
  Version table:
 *** 4.5-1ubuntu4 500
        500 http://br.archive.ubuntu.com/ubuntu noble/main amd64 Packages
        100 /var/lib/dpkg/status

$ sudo timemaster -m -q -f /etc/linuxptp/minimal.conf
timemaster[153.210]: process 3251 started: chronyd -n -f 
/var/run/timemaster/chrony.conf
timemaster[153.211]: process 3252 started: ptp4l -l 5 -f 
/var/run/timemaster/ptp4l.0.conf -S -i enp5s0
timemaster[153.211]: process 3253 started: ptp4l -l 5 -f 
/var/run/timemaster/ptp4l.1.conf -S -i enp5s0
Fatal error : Could not open socket /var/run/timemaster/chrony.SOCK1
(...)

apparmor logs:
[Mon Jul 22 19:18:32 2024] audit: type=1400 audit(1721675912.240:148): 
apparmor="DENIED" operation="mknod" class="file" profile="/usr/sbin/chronyd" 
name="/run/timemaster/chrony.SOCK1" pid=3251 comm="chronyd" requested_mask="c" 
denied_mask="c" fsuid=0 ouid=0

# Checking the fix

Package from noble-proposed:
ubuntu@n-ptp:~$ apt-cache policy chrony
chrony:
  Installed: 4.5-1ubuntu4.1
  Candidate: 4.5-1ubuntu4.1
  Version table:
 *** 4.5-1ubuntu4.1 100
        100 http://br.archive.ubuntu.com/ubuntu noble-proposed/main amd64 
Packages
        100 /var/lib/dpkg/status
     4.5-1ubuntu4 500
        500 http://br.archive.ubuntu.com/ubuntu noble/main amd64 Packages


This time the timemaster command runs without exiting, and there are no 
apparmor logs:

$ sudo timemaster -m -q -f /etc/linuxptp/minimal.conf
timemaster[262.589]: process 4265 started: chronyd -n -f 
/var/run/timemaster/chrony.conf
timemaster[262.589]: process 4266 started: ptp4l -l 5 -f 
/var/run/timemaster/ptp4l.0.conf -S -i enp5s0
timemaster[262.593]: process 4267 started: ptp4l -l 5 -f 
/var/run/timemaster/ptp4l.1.conf -S -i enp5s0

As a further check, lsof shows that both socket files are opened by the chronyd 
process:
root@n-ptp:~# lsof -n | grep /run/timemaster/chrony.SOCK
chronyd   4265                        _chrony    4u     unix 0xffffa0ebc541f000 
     0t0      23035 /var/run/timemaster/chrony.SOCK0 type=DGRAM (CONNECTED)
chronyd   4265                        _chrony    5u     unix 0xffffa0ebc541f800 
     0t0      23036 /var/run/timemaster/chrony.SOCK1 type=DGRAM (CONNECTED)


Noble verification succeeded.


** Tags removed: verification-needed-noble
** Tags added: verification-done-noble

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2068526

Title:
  apparmor blocks using more than one timemaster clock with chrony

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/2068526/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to