Could not open socket /var/run/timemaster/chrony.SOCK0
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
chrony (Ubuntu) | Fix Released | Medium | Bryce Harrington |
linuxptp (Ubuntu) | Fix Released | Low | Bryce Harrington |
Bug Description
After updating from lunar to mantic and from linuxptp 3.1.1-4 to 4.0-1 timemaster.service fails to start because of apparmor.
[ 2096.796432] ptp ptp0: new virtual clock ptp1
[ 2096.796442] ptp ptp0: guarantee physical clock free running
[ 2096.808229] audit: type=1400 audit(169279542
[ 2096.810293] ptp ptp0: delete virtual clock ptp1
[ 2096.824806] ptp ptp0: only physical clock in use now
Adding the line below to /etc/apparmor.
/{,var/
I am not sure it is the proper solution.
ProblemType: Bug
DistroRelease: Ubuntu 23.10
Package: linuxptp 4.0-1
ProcVersionSign
Uname: Linux 6.2.0-27-generic x86_64
ApportVersion: 2.27.0-0ubuntu2
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: GNOME
Date: Wed Aug 23 15:13:22 2023
SourcePackage: linuxptp
UpgradeStatus: Upgraded to mantic on 2023-08-23 (0 days ago)
modified.
mtime.conffile.
Related branches
- git-ubuntu bot: Approve
- Andreas Hasenack: Approve
- Canonical Server packageset reviewers: Pending requested
- Canonical Server Reporter: Pending requested
- Diff: 42 lines (+10/-2), 3 files modified: debian/changelog (+7/-0), debian/control (+2/-1), debian/timemaster.conf (+1/-1)
- git-ubuntu bot: Approve
- Andreas Hasenack: Approve
- Canonical Server packageset reviewers: Pending requested
- Canonical Server Reporter: Pending requested
- Diff: 46 lines (+18/-2), 2 files modified: debian/changelog (+11/-0), debian/usr.sbin.chronyd (+7/-2)
Changed in chrony (Ubuntu):
status: Triaged → In Progress
Changed in linuxptp (Ubuntu):
status: Confirmed → In Progress
tags: added: noble
Thanks for the ping on this @ahresse !
Yes, this should be very similar to the old fix in bug 1771028
It is essentially yet another "chrony works with something else" use case.
There is a section for that in the chrony apparmor rules and we should indeed add the known default paths (like this) to be allowed.
And this is such a default path, from the man page: timemaster.
rundir - Specify the directory where should be generated chronyd, ntpd and ptp4l configuration files and sockets. The directory will be created if it doesn't exist. The default value is /var/run/
So on this we might even want to allow to read all sub-elements, including the generated config.
But RW for the socket.
But furthermore while touching it, in addition to the one reported I also see in the ptp4l
refclock_sock_address - The address of the UNIX domain socket to be used by the refclock_sock servo. The default is /var/run/refclock.ptp.sock
So we should allow that path as well.
For chrony my proposal that - once agreed - we need to pick up would seem like
diff --git a/debian/ usr.sbin. chronyd b/debian/ usr.sbin. chronyd usr.sbin. chronyd usr.sbin. chronyd /chrony. *.sock rw, lib/samba/ ntp_signd/ socket rw, refclock. ptp.sock rw, timemaster/ chrony. SOCK0 rw,
index bc52d4f7..e64edc90 100644
--- a/debian/
+++ b/debian/
@@ -62,6 +62,13 @@ abi <abi/3.0>,
@{run}
# To sign replies to MS-SNTP clients by the smbd daemon
/var/
+ # default path of the sock to sync with ptp4l
+ @{run}/
+ # timemaster directory of chronyd, ... configuration files and sockets.
+ # read for all configs
+ @{run}/timemaster/* r,
+ # rw for coodination via the default socket path
+ @{run}/
# rtc
/etc/adjtime r,
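Review bot: the rw rule for the timemaster socket is pinned to a single name, chrony.SOCK0 (see the `timemaster/ chrony. SOCK0 rw,` fragment on the diff header line), while the read rule just above it is a glob (`@{run}/timemaster/* r,`). The trailing index suggests timemaster may number these sockets, and a second one would be denied the same way as in this report; either widen the rw rule to cover the numbered names or say in the comment why only index 0 is expected. Separately, `*` in an AppArmor path does not cross `/`, so the read rule covers only files directly inside the rundir; that is fine if the directory is flat, but it is narrower than "read all sub-elements" in the proposal text. Typo in the last added comment: "coodination" should be "coordination".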