Your message dated Sat, 26 Mar 2022 11:59:13 +0000
with message-id
<c4d20274f6d76a43fb574d2177f6e3af4235e4be.ca...@adam-barratt.org.uk>
and subject line Closing p-u requests for updates in 11.3
has caused the Debian Bug report #1007747,
regarding bullseye-pu: package chrony/4.0-8+deb11u2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1007747: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007747
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
[ Reason ]
The AppArmor profile for chronyd does not include a rule to read the chronyd
configuration file generated by the timemaster program.
[ Impact ]
Without the proposed fix, users must override the Apparmor profile (or at worse
set the profile to complain mode) to flowlessly use chronyd with timemaster.
[ Tests ]
I checked that AppArmor no longer sends 'denied' log entries as seen in
#1004745 when using chronyd with timemaster.
[ Risks ]
Low. An equivalent fix sits in testing/unstable for over a month now without
any regression so far.
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Adding a rule in the AppArmor profile to allow chronyd to read the
configuration file /run/timemaster/chrony.conf
Cheers,
Vincent
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQSRJQjHKbAUfuoc+DAQn1qAt/bgAQUCYjEp0AAKCRAQn1qAt/bg
AT7sAQDwqm/E7R4J1CelQmf5dq9+BUU5BRzBxgboHwcfU6N1WwD/Scx21KLyOQdJ
89J1VMvMWWCQDPENpd8SLsVGwEDrPwY=
=L1xq
-----END PGP SIGNATURE-----
diff -Nru chrony-4.0/debian/changelog chrony-4.0/debian/changelog
--- chrony-4.0/debian/changelog 2021-10-19 22:02:40.000000000 +0200
+++ chrony-4.0/debian/changelog 2022-03-14 22:17:25.000000000 +0100
@@ -1,3 +1,11 @@
+chrony (4.0-8+deb11u2) bullseye; urgency=medium
+
+ * debian/usr.sbin.chronyd:
+ - Allow reading the chronyd configuration file that timemaster(8)
+ generates. Thanks to Michael Lestinsky for the report! (Closes: #1004745)
+
+ -- Vincent Blut <vincent.deb...@free.fr> Mon, 14 Mar 2022 22:17:25 +0100
+
chrony (4.0-8+deb11u1) bullseye; urgency=medium
* debian/patches/:
diff -Nru chrony-4.0/debian/usr.sbin.chronyd chrony-4.0/debian/usr.sbin.chronyd
--- chrony-4.0/debian/usr.sbin.chronyd 2021-10-19 22:02:40.000000000 +0200
+++ chrony-4.0/debian/usr.sbin.chronyd 2022-03-14 22:17:25.000000000 +0100
@@ -67,6 +67,9 @@
/dev/pps[0-9]* rw,
/dev/ptp[0-9]* rw,
+ # Allow reading the chronyd configuration file that timemaster(8) generates
+ @{run}/timemaster/chrony.conf r,
+
# For use with clocks that report via shared memory (e.g. gpsd),
# you may need to give ntpd access to all of shared memory, though
# this can be considered dangerous. See https://launchpad.net/bugs/722815
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 11.3
Hi,
The updates referenced by these bugs were included in stable as part of
this morning's 11.3 point release.
Regards,
Adam
--- End Message ---
