Thanks for tracking this down! Unfortunately, ipc_owner is a rather
strong capability (allows access to all shared memory), and it looks
like ntpd expects to actually write to the memory region (e.g.
shm-valid = 0 is in the code), so SHM_RDONLY doesn't seem viable
either. Instead, I've added a
This bug was fixed in the package ntp - 1:4.2.6.p2+dfsg-1ubuntu5
---
ntp (1:4.2.6.p2+dfsg-1ubuntu5) natty; urgency=low
  * debian/apparmor-profile: add note about using shared memory for
    a clock source (LP: #722815).
 -- Kees Cook k...@ubuntu.com Thu, 10 Mar 2011 12:54:59 -0800
A quick hack (not recommended though as it most likely gives ntpd access
to shm and opens up a security hole) is to edit
/etc/apparmor.d/tunables/ntpd and use:
@{NTPD_DEVICE}=/proc/sysvipc/shm
--
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in ubuntu.
https://bugs.launchpad.net/bugs/722815
Title:
apparmor prevents ntp from reading gpsd
--
Ubuntu-server-bugs mailing list
** Patch added: add ipc_owner to ntp apparmor profile
https://bugs.launchpad.net/bugs/722815/+attachment/1864446/+files/usr.sbin.ntpd.patch
--
** Changed in: ntp (Ubuntu)
Importance: Undecided => Low
** Changed in: ntp (Ubuntu)
Status: New => Confirmed
--
My previous patch file was made incorrectly. This new patch file has the
files in correct order, with full pathname.
** Patch added: add ipc_owner to ntp apparmor profile
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/722815/+attachment/1864472/+files/usr.sbin.ntpd.patch
--
** Patch removed: add ipc_owner to ntp apparmor profile
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/722815/+attachment/1864446/+files/usr.sbin.ntpd.patch