ntp profile denies write access to serial devices
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ntp (Ubuntu) |
Fix Released
|
Low
|
Unassigned |
Bug Description
Binary package hint: ntp
While reporting and testing for bug #596010 using the 10.04 release candidate I found that the intended user-tunable apparmor options in /etc/apparmor.
While it might initially seem reasonable that you just 'read' the time from a serial port GPS or similar, in practice most of the drivers for serial clocks also need write-access to configure and/or poll them for the time.
I found that changing line 35 in /etc/apparmor.
@{NTPD_DEVICE} r,
to this:
@{NTPD_DEVICE} rw,
seems to fix things so allowing /dev/ttyS* in the tunables works OK.
Related branches
tags: | added: apparmor |
Changed in ntp (Ubuntu): | |
importance: | Undecided → Low |
status: | New → Triaged |
This bug was fixed in the package ntp - 1:4.2.4p8+ dfsg-1ubuntu4
--------------- 4p8+dfsg- 1ubuntu4) maverick; urgency=low
ntp (1:4.2.
* debian/dhcp.ntp: Dont remove *all* ntp server from ntp.conf. apparmor- profile: Allow access to /dev/ttyS*
(LP: #575458)
* debian/
(LP: #596859)
-- Chuck Short <email address hidden> Tue, 22 Jun 2010 09:24:02 -0400