[Bug 722815] Re: apparmor prevents ntp from reading gpsd

Thanks for tracking this down! Unfortunately, ipc_owner is a rather strong capability (allows access to all shared memory), and it looks like ntpd expects to actually write to the memory region (e.g. shm-valid = 0 is in the code), so SHM_RDONLY doesn't seem viable either. Instead, I've added a

[Bug 722815] Re: apparmor prevents ntp from reading gpsd

This bug was fixed in the package ntp - 1:4.2.6.p2+dfsg-1ubuntu5 --- ntp (1:4.2.6.p2+dfsg-1ubuntu5) natty; urgency=low * debian/apparmor-profile: add note about using shared memory for a clock source (LP: #722815). -- Kees Cook k...@ubuntu.com Thu, 10 Mar 2011 12:54:59 -0800

[Bug 722815] Re: apparmor prevents ntp from reading gpsd

A quick hack (not recommended though as it most likely gives ntpd access to shm and opens up a security hole) is to edit /etc/apparmor.d/tunables/ntpd and use: @{NTPD_DEVICE}=/proc/sysvipc/shm -- You received this bug notification because you are a member of Ubuntu Server Team, which is

[Bug 722815] Re: apparmor prevents ntp from reading gpsd

** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in ubuntu. https://bugs.launchpad.net/bugs/722815 Title: apparmor prevents ntp from reading gpsd -- Ubuntu-server-bugs mailing list

[Bug 722815] Re: apparmor prevents ntp from reading gpsd

** Patch added: add ipc_owner to ntp apparmor profile https://bugs.launchpad.net/bugs/722815/+attachment/1864446/+files/usr.sbin.ntpd.patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in ubuntu.

[Bug 722815] Re: apparmor prevents ntp from reading gpsd

** Changed in: ntp (Ubuntu) Importance: Undecided = Low ** Changed in: ntp (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in ubuntu. https://bugs.launchpad.net/bugs/722815 Title:

[Bug 722815] Re: apparmor prevents ntp from reading gpsd

My previous patch file was made incorrectly. This new patch file has the files in correct order, with full pathname. ** Patch added: add ipc_owner to ntp apparmor profile https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/722815/+attachment/1864472/+files/usr.sbin.ntpd.patch -- You received

[Bug 722815] Re: apparmor prevents ntp from reading gpsd

** Patch removed: add ipc_owner to ntp apparmor profile https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/722815/+attachment/1864446/+files/usr.sbin.ntpd.patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in ubuntu.