finalize a chrony apparmor profile and enable it by default
Bug #1744662 reported by
Christian Ehrhardt
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| chrony (Debian) |
Fix Released
|
Unknown
|
|||
| chrony (Ubuntu) |
Fix Released
|
Undecided
|
Jamie Strandboge | ||
Bug Description
Hi,
there currently is no chrony apparmor profile so please add one.
This could be based on the ntp profile minus all the special HW it needed to access (which chrony only does through gpsd).
It might need a few extra rules for GPSD shared memory access.
1. create initial template bases on ntp
2. stip ntpd only rules
3. study gpsd usage, add rules
4. run tests for common cases if we hit false denies
5. add to the package as default enabled
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #1 |
| Changed in chrony (Ubuntu): | |
| assignee: | nobody → Jamie Strandboge (jdstrand) |
| status: | New → Fix Committed |
| tags: | added: apparmor |
| Changed in chrony (Debian): | |
| status: | Unknown → New |
Revision history for this message
| Christian Ehrhardt (paelzer) wrote | #2 |
| Changed in chrony (Debian): | |
| status: | New → Fix Committed |
| Changed in chrony (Debian): | |
| status: | Fix Committed → Fix Released |
| Changed in chrony (Ubuntu): | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
This is now done in https:/
Here is the upstream submission: https:/
Here is the Debian bug: https:/