[apparmor] AppArmor and ntpd

Martin Burnicki martin.burnicki at meinberg.de
Fri Dec 3 12:23:08 GMT 2010

Hi all,

I've just subscribed to the list because of a bug report on openSUSE's

I'd just like to bring to your mind (or remind you) that an NTP daemon
running as stratum-1 time server usually needs to access a hardware
device it uses as reference time source. If a refclock is connected via
a serial port then the device node can be something like /dev/ttyS*, but
there are also PCI cards which come with an own driver providing special
device nodes to let ntpd read the ref time directly from the PCI card.

For examples, the PCI cards manufactured by the company I'm working for
come with a driver which implements device nodes /dev/mbgclock*.

So It would be great if the names of such devices could easily be
specified in an AppArmor profile for ntpd. AFAIK this is the case in the
current implementation, but as said above, I just wanted to be sure this
is kept in mind ... ;-)


Martin Burnicki

Meinberg Funkuhren
Bad Pyrmont

More information about the AppArmor mailing list