finalize a chrony apparmor profile and enable it by default
Bug #1744662 reported by
Christian Ehrhardt
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
chrony (Debian) |
Fix Released
|
Unknown
|
|||
chrony (Ubuntu) |
Fix Released
|
Undecided
|
Jamie Strandboge |
Bug Description
Hi,
there currently is no chrony apparmor profile so please add one.
This could be based on the ntp profile minus all the special HW it needed to access (which chrony only does through gpsd).
It might need a few extra rules for GPSD shared memory access.
1. create initial template bases on ntp
2. stip ntpd only rules
3. study gpsd usage, add rules
4. run tests for common cases if we hit false denies
5. add to the package as default enabled
Changed in chrony (Debian): | |
status: | Unknown → New |
Changed in chrony (Debian): | |
status: | New → Fix Committed |
Changed in chrony (Debian): | |
status: | Fix Committed → Fix Released |
Changed in chrony (Ubuntu): | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
This is now done in https:/ /launchpad. net/ubuntu/ +source/ chrony/ 3.2-1ubuntu1 (sorry, I didn't realize this bug existed).
Here is the upstream submission: https:/ /gitlab. com/apparmor/ apparmor- profiles/ merge_requests/ 10
Here is the Debian bug: https:/ /bugs.debian. org/cgi- bin/bugreport. cgi?bug= 888038