Thanks for tracking this down! Unfortunately, ipc_owner is a rather
strong capability (allows access to all shared memory), and it looks
like ntpd expects to actually write to the memory region (e.g.
"shm->valid = 0" is in the code), so SHM_RDONLY doesn't seem viable
either. Instead, I've added a note to the AppArmor profile itself
pointing people to the right option if they want to enable it for their
local system (since it doesn't seem appropriate to do this by default
for all ntpd users).

** Changed in: ntp (Ubuntu)
       Status: Confirmed => Fix Committed

** Changed in: ntp (Ubuntu)
     Assignee: (unassigned) => Kees Cook (kees)

** Changed in: ntp (Ubuntu)
   Importance: Low => Wishlist

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in ubuntu.
https://bugs.launchpad.net/bugs/722815

Title:
  apparmor prevents ntp from reading gpsd

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
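
The point about SHM_RDONLY in the comment above, as an added example that is not part of the original message and is not ntpd's code: a consumer that writes a flag such as "shm->valid = 0" into a SysV segment faults if it attached read-only. The names `shm_sample`, `try_clear_valid` and `demo` are hypothetical, and the one-field struct is a constructed stand-in for the real segment layout.

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for the segment: only the "valid" flag is modelled. */
struct shm_sample { int valid; };

/* Attach segment `id` with `flags` in a child and do the consumer-side write.
 * Returns 0 if the write succeeded, the fatal signal number if the child
 * was killed, -1 on any setup failure. */
static int try_clear_valid(int id, int flags)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct shm_sample *shm = shmat(id, NULL, flags);
        if (shm == (void *)-1) _exit(2);
        signal(SIGSEGV, SIG_DFL);   /* let the fault kill the child */
        shm->valid = 0;             /* faults on a read-only mapping */
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status);
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* Create a private 0600 segment, set valid = 1 as a producer would, then
 * run the write above with the given shmat() flags. */
int demo(int flags)
{
    int id = shmget(IPC_PRIVATE, sizeof(struct shm_sample), IPC_CREAT | 0600);
    if (id < 0) return -1;
    struct shm_sample *shm = shmat(id, NULL, 0);
    if (shm == (void *)-1) { shmctl(id, IPC_RMID, NULL); return -1; }
    shm->valid = 1;
    int rc = try_clear_valid(id, flags);
    if (rc == 0 && shm->valid != 0) rc = -1;  /* write must be visible */
    shmdt(shm);
    shmctl(id, IPC_RMID, NULL);
    return rc;
}

int main(void) { return (demo(0) == 0 && demo(SHM_RDONLY) == SIGSEGV) ? 0 : 1; }
```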
