[Bug 722815] [NEW] apparmor prevents ntp from reading gpsd
John Nogatch
722815 at bugs.launchpad.net
Mon Feb 21 21:10:04 UTC 2011
Public bug reported:
Binary package hint: ntp
Ubuntu 10.10
ntp 1:4.2.4p8+dfsg-1ubuntu6
With gpsd installed and a USB GPS device plugged in, xgps shows that GPS
data is available, but "ntpq -p" does not display it. "server" and
"fudge" lines had already been added to /etc/ntp.conf & ntp restarted.
/etc/apparmor.d/usr.sbin.ntpd needs to have 1 line added, "capability
ipc_owner," (after the line "capability ipc_lock,") and then apparmor
and ntp need to be restarted. "ntpq -p" then shows the time obtained
from the GPS.
The man page for shmat(2) indicates that EACCES is returned if the
process lacks CAP_IPC_OWNER. Perhaps if ntp requested access with
SHM_RDONLY, owner capability might not be required? Does adding
"capability ipc_owner," open a security hole?
** Affects: ntp (Ubuntu)
Importance: Undecided
Status: New
** Tags: apparmor gpsd ntp
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in ubuntu.
https://bugs.launchpad.net/bugs/722815
Title:
apparmor prevents ntp from reading gpsd
More information about the Ubuntu-server-bugs
mailing list