Ubuntu
gpsd package

  1. Bug #1872175
  2. Activity log

Activity log for bug #1872175

Date Who What changed Old value New value Message
2020-04-11 08:54:20 Mark Shuttleworth bug added bug
2020-04-11 08:54:50 Mark Shuttleworth bug task added chrony (Ubuntu)
2020-04-16 13:47:39 Christian Ehrhardt  bug added subscriber Ubuntu Server
2020-04-16 13:51:59 Christian Ehrhardt  tags server-next
2020-04-22 09:34:43 Christian Ehrhardt  gpsd (Ubuntu): status New Confirmed
2020-04-27 14:29:09 Christian Ehrhardt  gpsd (Ubuntu): status Confirmed Triaged
2020-04-27 14:29:11 Christian Ehrhardt  gpsd (Ubuntu): assignee Christian Ehrhardt  (paelzer)
2020-04-27 15:54:37 Christian Ehrhardt  bug added subscriber Ubuntu Security Team
2020-04-27 19:29:40 Christian Ehrhardt  attachment added caps trace https://bugs.launchpad.net/ubuntu/+source/gpsd/+bug/1872175/+attachment/5361910/+files/gpsd.caps
2020-04-27 19:30:01 Christian Ehrhardt  attachment added gpsd strace https://bugs.launchpad.net/ubuntu/+source/gpsd/+bug/1872175/+attachment/5361911/+files/gpsd.strace
2020-05-05 10:18:41 Christian Ehrhardt  description GPSd fails to access the socket used to communicate PPS signals with Chrony. From the startup log: gpsd:PROG: PPS:/dev/ttyS0 connect chrony socket failed: /var/run/chrony.ttyS0.sock, error: -2, errno: 13/Permission denied The socket in question has these permissions: $ ls -l /var/run/chrony.ttyS0.sock srwxr-xr-x 1 root root 0 Apr 10 17:25 /var/run/chrony.ttyS0.sock gpsd is running as its own user gpsd, and chrony as _chrony. $ groups gpsd gpsd : dialout $ groups _chrony _chrony : _chrony I have tried adding gpsd to group _chrony and changing the ownership and permissions of chrony.ttyS0.sock but to no avail. I always see the permission denied message. AppArmor rules for gpsd appear to allow the connection, too: # default paths feeding GPS data into chrony /{,var/}run/chrony.tty{,S,USB,AMA}[0-9]*.sock rw, /tmp/chrony.tty{,S,USB,AMA}[0-9]*.sock rw, So I am stumped. [Impact] * Current GPSD apparmor isolation is too strict to use PPS devices properly. * backport changes we added to 20.10 to fix this [Test Case] * Set up a PPS device with chrony/gpsd as described in [1] Check the log output. Bad case: gpsd:PROG: PPS:/dev/ttyS0 connect chrony socket failed: /var/run/chrony.ttyS0.sock, error: -2, errno: 13/Permission denied Good case does not show the errors above. Check that gpsd properly initializes the device by ensuring this works for the whole stack and chrony ends up getting proper PPS time data (also in [1]). [1]: https://ubuntu.com/server/docs/network-ntp [Regression Potential] * As always with apparmor changes the regression risk comes in two way: - we allow more than before, that could be insecure but we have the +1 from the security team and optimized to further reduce permissions. - we deny some access (to silence warnings) which could, if strictly required for un-tested use cases break these use-cases. Neither in the tests nor in the review/discussion such cases were identified. [Other Info] * This is accepted in Debians packaging git, if not in Groovy in time I'll need to put an 3.20-8ubuntu1 there, but I can preparing the SRU independent to that. ---- ---- GPSd fails to access the socket used to communicate PPS signals with Chrony. From the startup log: gpsd:PROG: PPS:/dev/ttyS0 connect chrony socket failed: /var/run/chrony.ttyS0.sock, error: -2, errno: 13/Permission denied The socket in question has these permissions: $ ls -l /var/run/chrony.ttyS0.sock srwxr-xr-x 1 root root 0 Apr 10 17:25 /var/run/chrony.ttyS0.sock gpsd is running as its own user gpsd, and chrony as _chrony. $ groups gpsd gpsd : dialout $ groups _chrony _chrony : _chrony I have tried adding gpsd to group _chrony and changing the ownership and permissions of chrony.ttyS0.sock but to no avail. I always see the permission denied message. AppArmor rules for gpsd appear to allow the connection, too:   # default paths feeding GPS data into chrony   /{,var/}run/chrony.tty{,S,USB,AMA}[0-9]*.sock rw,   /tmp/chrony.tty{,S,USB,AMA}[0-9]*.sock rw, So I am stumped.
2020-05-05 10:45:54 Launchpad Janitor merge proposal linked https://code.launchpad.net/~paelzer/ubuntu/+source/gpsd/+git/gpsd/+merge/383405
2020-05-12 10:11:25 Christian Ehrhardt  nominated for series Ubuntu Focal
2020-05-12 10:11:25 Christian Ehrhardt  bug task added chrony (Ubuntu Focal)
2020-05-12 10:11:25 Christian Ehrhardt  bug task added gpsd (Ubuntu Focal)
2020-05-12 10:11:31 Christian Ehrhardt  bug task deleted chrony (Ubuntu)
2020-05-12 10:11:37 Christian Ehrhardt  bug task deleted chrony (Ubuntu Focal)
2020-05-12 22:42:26 Launchpad Janitor gpsd (Ubuntu): status Triaged Fix Released
2020-05-13 04:37:17 Christian Ehrhardt  gpsd (Ubuntu Focal): status New Triaged
2020-05-13 04:37:20 Christian Ehrhardt  gpsd (Ubuntu Focal): importance Undecided High
2020-05-13 13:52:18 Robie Basak gpsd (Ubuntu Focal): status Triaged Fix Committed
2020-05-13 13:52:19 Robie Basak bug added subscriber Ubuntu Stable Release Updates Team
2020-05-13 13:52:22 Robie Basak bug added subscriber SRU Verification
2020-05-13 13:52:24 Robie Basak tags server-next server-next verification-needed verification-needed-focal
2020-05-14 09:46:30 Christian Ehrhardt  tags server-next verification-needed verification-needed-focal server-next verification-done verification-done-focal
2020-05-21 07:49:09 Launchpad Janitor gpsd (Ubuntu Focal): status Fix Committed Fix Released
2020-05-21 07:49:43 Łukasz Zemczak removed subscriber Ubuntu Stable Release Updates Team