ntp profile denies write access to serial devices

Bug #596859 reported by Paul Crawford
This bug affects 2 people

Affects: ntp (Ubuntu)
Status: Fix Released
Importance: Low
Assigned to: Unassigned

Bug Description

Binary package hint: ntp

While reporting and testing for bug #596010 using the 10.04 release candidate I found that the intended user-tunable apparmor options in /etc/apparmor.d/tunables/ntpd do not work correctly due to the settings in /etc/apparmor.d/usr.sbin.ntpd including them with read-only permission.

While it might initially seem reasonable that you just 'read' the time from a serial port GPS or similar, in practice most of the drivers for serial clocks also need write-access to configure and/or poll them for the time.

I found that changing line 35 in /etc/apparmor.d/usr.sbin.ntpd from:

  @{NTPD_DEVICE} r,

to this:

  @{NTPD_DEVICE} rw,

seems to fix things so allowing /dev/ttyS* in the tunables works OK.

Tags: apparmor

tags: added: apparmor
Changed in ntp (Ubuntu):
importance: Undecided → Low
status: New → Triaged
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ntp - 1:4.2.4p8+dfsg-1ubuntu4

---------------
ntp (1:4.2.4p8+dfsg-1ubuntu4) maverick; urgency=low

  * debian/dhcp.ntp: Dont remove *all* ntp server from ntp.conf.
    (LP: #575458)
  * debian/apparmor-profile: Allow access to /dev/ttyS*
    (LP: #596859)
 -- Chuck Short <email address hidden> Tue, 22 Jun 2010 09:24:02 -0400

Changed in ntp (Ubuntu):
status: Triaged → Fix Released
Paul Crawford (psc-sat) wrote :

This appears to be broken again; the 10.04 default profile has:

# vim:syntax=apparmor
# Last Modified: Tue Aug 11 16:14:21 CDT 2009
# Updated for Ubuntu by: Jamie Strandboge <email address hidden>

<snip>

  @{NTPD_DEVICE} r,

So it only allows read-access to the devices. Also broken/reverted is the tunables which has:

# Last Modified: Thu Aug 2 14:37:03 2007
# $Id: usr.sbin.ntpd 1102 2008-02-19 10:35:19Z jrjohansen $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

#Add your ntpd devices here eg. if you have a DCF clock
# @{NTPD_DEVICE}=/dev/ttyS*
@{NTPD_DEVICE}="/dev/tty10"

Again, no default access to serial ports and modification date is before the message #4 (above). Can this be fixed again and pushed back to debian so it stays fixed?

Robie Basak (racb) wrote :

Paul,

Thank you for taking the time to report this bug and helping to make Ubuntu better.

I've just checked the current development version, and I see "@{NTPD_DEVICE} rw" in /etc/apparmor.d/usr.sbin.ntpd and "@{NTPD_DEVICE}="/dev/null"" in /etc/apparmor.d/tunables/ntpd.

You said that you're using 10.04. This is an older release than the one in which the bug was fixed, so this would make sense. If you are using an old release, a workaround is to fix /etc/apparmor.d/usr.sbin.ntpd by hand. Even in the current release, it appears that it is intended and required to specify the serial port device in /etc/apparmor.d/tunables/ntpd.

So as far as I can determine, this bug is fixed in the current development version and there has been no regression. But if I'm mistaken, please let us know!
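
A way to check whether the by-hand workaround is in place, as an added example that is not part of the original thread or of the ntp package: it reads the permission on the `@{NTPD_DEVICE}` rule in the profile and the device assigned in the tunables file. The function names are hypothetical, the sample files are constructed from the snippets quoted in this report, and shell globbing is used as an approximation of AppArmor globbing.

```sh
#!/bin/sh
# Added example, not from the bug report. Sample files below are constructed.

# Permission string of the active "@{NTPD_DEVICE} <perms>," rule in the profile.
ntpd_device_perms() {
    sed -n 's/^[[:space:]]*@{NTPD_DEVICE}[[:space:]]\{1,\}\([a-zA-Z]*\),.*$/\1/p' "$1" | head -n 1
}

# Value assigned to @{NTPD_DEVICE} in the tunables file, quotes stripped.
# Commented-out assignments (leading '#') are ignored.
ntpd_device_value() {
    sed -n 's/^[[:space:]]*@{NTPD_DEVICE}[[:space:]]*=[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | head -n 1
}

# check_ntpd_serial DEVICE [PROFILE] [TUNABLE]
# Returns 0 if ntpd may open DEVICE read-write, 1 if the rule lacks 'w',
# 2 if the tunable does not cover DEVICE.
check_ntpd_serial() {
    want=$1
    profile=${2:-/etc/apparmor.d/usr.sbin.ntpd}
    tunable=${3:-/etc/apparmor.d/tunables/ntpd}
    perms=$(ntpd_device_perms "$profile")
    glob=$(ntpd_device_value "$tunable")
    echo "NTPD_DEVICE=${glob:-<unset>} perms=${perms:-<none>}"
    case $perms in
        *w*) ;;
        *) echo "DENIED: rule is not writable; change it to '@{NTPD_DEVICE} rw,'"; return 1 ;;
    esac
    # Approximation: shell globbing stands in for AppArmor globbing, which is
    # close enough for simple patterns such as /dev/ttyS*.
    case $want in
        $glob) echo "OK: $want is covered read-write"; return 0 ;;
        *) echo "DENIED: tunable does not cover $want"; return 2 ;;
    esac
}

# Constructed demo: the 10.04 state quoted in this report, then the workaround.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '/usr/sbin/ntpd {' '  @{NTPD_DEVICE} r,' '}' > "$d/profile"
    printf '%s\n' '# @{NTPD_DEVICE}=/dev/ttyS*' '@{NTPD_DEVICE}="/dev/tty10"' > "$d/tunable"
    check_ntpd_serial /dev/ttyS0 "$d/profile" "$d/tunable" || echo "rc=$?"
    printf '%s\n' '/usr/sbin/ntpd {' '  @{NTPD_DEVICE} rw,' '}' > "$d/profile"
    printf '%s\n' '@{NTPD_DEVICE}=/dev/ttyS*' > "$d/tunable"
    check_ntpd_serial /dev/ttyS0 "$d/profile" "$d/tunable" || echo "rc=$?"
    rm -rf "$d"
}
demo
```

After editing either file on a real system, reload the profile with `apparmor_parser -r /etc/apparmor.d/usr.sbin.ntpd` so the change takes effect.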

Paul Crawford (psc-sat) wrote :

Thanks Robie for the quick reply, but I thought 10.04.4 LTS would have such bug-fixes included?

After all the ISO used to install is from after the date of the fix, and the major package numbers are the same (comment #1 mentions 1:4.2.4p8+dfsg-1ubuntu4 and my machine is reporting 1:4.2.4p8+dfsg-1ubuntu2.1)

Robie Basak (racb) wrote :

Paul,

In order to maintain stability, a stable release only gets bugfixes backported if they are deemed severe enough. I'm not sure that this bug qualifies, because it only affects a small number of users (those with hardware clocks) and a trivial workaround is available.

More details of the policy and process are here: https://wiki.ubuntu.com/StableReleaseUpdates
