| 2024-06-05 20:03:00 |
Kenneth Klette Jonassen |
bug |
|
|
added bug |
| 2024-06-05 20:03:40 |
Kenneth Klette Jonassen |
bug task added |
|
chrony (Ubuntu) |
|
| 2024-06-06 14:26:46 |
Paride Legovini |
chrony (Ubuntu): status |
New |
Triaged |
|
| 2024-06-06 14:27:28 |
Paride Legovini |
tags |
amd64 apport-bug noble |
amd64 apport-bug noble server-todo |
|
| 2024-06-06 14:27:36 |
Paride Legovini |
bug |
|
|
added subscriber Ubuntu Server |
| 2024-06-06 17:19:39 |
Andreas Hasenack |
bug |
|
|
added subscriber Andreas Hasenack |
| 2024-06-19 15:25:17 |
Christian Ehrhardt |
tags |
amd64 apport-bug noble server-todo |
amd64 apport-bug noble |
|
| 2024-07-02 18:59:19 |
Andreas Hasenack |
chrony (Ubuntu): status |
Triaged |
In Progress |
|
| 2024-07-02 18:59:22 |
Andreas Hasenack |
chrony (Ubuntu): assignee |
|
Andreas Hasenack (ahasenack) |
|
| 2024-07-02 19:29:07 |
Andreas Hasenack |
nominated for series |
|
Ubuntu Noble |
|
| 2024-07-02 19:29:07 |
Andreas Hasenack |
bug task added |
|
chrony (Ubuntu Noble) |
|
| 2024-07-02 19:29:07 |
Andreas Hasenack |
bug task added |
|
linuxptp (Ubuntu Noble) |
|
| 2024-07-02 19:29:07 |
Andreas Hasenack |
nominated for series |
|
Ubuntu Oracular |
|
| 2024-07-02 19:29:07 |
Andreas Hasenack |
bug task added |
|
chrony (Ubuntu Oracular) |
|
| 2024-07-02 19:29:07 |
Andreas Hasenack |
bug task added |
|
linuxptp (Ubuntu Oracular) |
|
| 2024-07-02 19:29:32 |
Andreas Hasenack |
linuxptp (Ubuntu Noble): status |
New |
Invalid |
|
| 2024-07-02 19:29:36 |
Andreas Hasenack |
linuxptp (Ubuntu Oracular): status |
New |
Invalid |
|
| 2024-07-02 19:44:26 |
Andreas Hasenack |
description |
The fix for bug #2032805 allows chronyd to use one PTP clock/interface with timemaster, but not more than one.
Steps to reproduce (config must contain valid network interface names):
$ cat > minimal_timemaster.conf
# List two separate interfaces, or two separate domains with the same interface:
# [ptp_domain 0]
# interfaces ens1f0np0
[ptp_domain 127]
interfaces ens1f0np0 ens1f1np1
$ sudo timemaster -m -q -f minimal_timemaster.conf
timemaster[533042.285]: process 2755518 started: chronyd -n -f /var/run/timemaster/chrony.conf
timemaster[533042.285]: process 2755520 started: phc2sys -l 5 -a -r -R 1.00 -z /var/run/timemaster/ptp4l.0.socket -t [127:ens1f0np0] -n 127 -E refclock_sock --refclock_sock_address /var/run/timemaster/chrony.SOCK0
timemaster[533042.286]: process 2755522 started: phc2sys -l 5 -a -r -R 1.00 -z /var/run/timemaster/ptp4l.1.socket -t [127:ens1f1np1] -n 127 -E refclock_sock --refclock_sock_address /var/run/timemaster/chrony.SOCK1
Fatal error : Could not open socket /var/run/timemaster/chrony.SOCK1
...
Quickfix:
sudo sed -i 's|@{run}/timemaster/chrony.SOCK0 rw,|@{run}/timemaster/chrony.SOCK[0-9]* rw,|' /etc/apparmor.d/usr.sbin.chronyd
sudo systemctl reload apparmor
Expected output:
The timemaster command continues to run until pressing CTRL+C
$ lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
chrony:
Installed: 4.5-1ubuntu4
Candidate: 4.5-1ubuntu4
linuxptp:
Installed: 4.0-1ubuntu1
Candidate: 4.0-1ubuntu1
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: linuxptp 4.0-1ubuntu1
ProcVersionSignature: Ubuntu 6.8.0-31.31-generic 6.8.1
Uname: Linux 6.8.0-31-generic x86_64
NonfreeKernelModules: tsoffload linkout
ApportVersion: 2.28.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: pass
Date: Wed Jun 5 21:53:26 2024
Dependencies:
gcc-14-base 14-20240412-0ubuntu1
libc6 2.39-0ubuntu8.2
libgcc-s1 14-20240412-0ubuntu1
libidn2-0 2.3.7-2build1
libunistring5 1.1-2build1
InstallationDate: Installed on 2024-05-14 (22 days ago)
InstallationMedia: Ubuntu-Server 24.04 LTS "Noble Numbat" - Release amd64 (20240423)
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: linuxptp
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.linuxptp.timemaster.conf: [modified]
mtime.conffile..etc.linuxptp.timemaster.conf: 2024-06-05T19:08:29.036254 |
[ Impact ]
* An explanation of the effects of the bug on users and
* justification for backporting the fix to the stable release.
* In addition, it is helpful, but not required, to include an
explanation of how the upload fixes this bug.
[ Test Plan ]
* detailed instructions how to reproduce the bug
* these should allow someone who is not familiar with the affected
package to reproduce the bug and verify that the updated package fixes
the problem.
* if other testing is appropriate to perform before landing this update,
this should also be described here.
[ Where problems could occur ]
* Think about what the upload changes in the software. Imagine the change is
wrong or breaks something else: how would this show up?
* It is assumed that any SRU candidate patch is well-tested before
upload and has a low overall risk of regression, but it's important
to make the effort to think about what ''could'' happen in the
event of a regression.
* This must '''never''' be "None" or "Low", or entirely an argument as to why
your upload is low risk.
* This both shows the SRU team that the risks have been considered,
and provides guidance to testers in regression-testing the SRU.
[ Other Info ]
* Anything else you think is useful to include
* Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
* and address these questions in advance
[ Original Description ]
The fix for bug #2032805 allows chronyd to use one PTP clock/interface with timemaster, but not more than one.
Steps to reproduce (config must contain valid network interface names):
$ cat > minimal_timemaster.conf
# List two separate interfaces, or two separate domains with the same interface:
# [ptp_domain 0]
# interfaces ens1f0np0
[ptp_domain 127]
interfaces ens1f0np0 ens1f1np1
$ sudo timemaster -m -q -f minimal_timemaster.conf
timemaster[533042.285]: process 2755518 started: chronyd -n -f /var/run/timemaster/chrony.conf
timemaster[533042.285]: process 2755520 started: phc2sys -l 5 -a -r -R 1.00 -z /var/run/timemaster/ptp4l.0.socket -t [127:ens1f0np0] -n 127 -E refclock_sock --refclock_sock_address /var/run/timemaster/chrony.SOCK0
timemaster[533042.286]: process 2755522 started: phc2sys -l 5 -a -r -R 1.00 -z /var/run/timemaster/ptp4l.1.socket -t [127:ens1f1np1] -n 127 -E refclock_sock --refclock_sock_address /var/run/timemaster/chrony.SOCK1
Fatal error : Could not open socket /var/run/timemaster/chrony.SOCK1
...
Quickfix:
sudo sed -i 's|@{run}/timemaster/chrony.SOCK0 rw,|@{run}/timemaster/chrony.SOCK[0-9]* rw,|' /etc/apparmor.d/usr.sbin.chronyd
sudo systemctl reload apparmor
Expected output:
The timemaster command continues to run until pressing CTRL+C
$ lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
chrony:
Installed: 4.5-1ubuntu4
Candidate: 4.5-1ubuntu4
linuxptp:
Installed: 4.0-1ubuntu1
Candidate: 4.0-1ubuntu1
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: linuxptp 4.0-1ubuntu1
ProcVersionSignature: Ubuntu 6.8.0-31.31-generic 6.8.1
Uname: Linux 6.8.0-31-generic x86_64
NonfreeKernelModules: tsoffload linkout
ApportVersion: 2.28.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: pass
Date: Wed Jun 5 21:53:26 2024
Dependencies:
gcc-14-base 14-20240412-0ubuntu1
libc6 2.39-0ubuntu8.2
libgcc-s1 14-20240412-0ubuntu1
libidn2-0 2.3.7-2build1
libunistring5 1.1-2build1
InstallationDate: Installed on 2024-05-14 (22 days ago)
InstallationMedia: Ubuntu-Server 24.04 LTS "Noble Numbat" - Release amd64 (20240423)
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: linuxptp
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.linuxptp.timemaster.conf: [modified]
mtime.conffile..etc.linuxptp.timemaster.conf: 2024-06-05T19:08:29.036254 |
|
| 2024-07-02 20:10:49 |
Andreas Hasenack |
description |
[ Impact ]
* An explanation of the effects of the bug on users and
* justification for backporting the fix to the stable release.
* In addition, it is helpful, but not required, to include an
explanation of how the upload fixes this bug.
[ Test Plan ]
* detailed instructions how to reproduce the bug
* these should allow someone who is not familiar with the affected
package to reproduce the bug and verify that the updated package fixes
the problem.
* if other testing is appropriate to perform before landing this update,
this should also be described here.
[ Where problems could occur ]
* Think about what the upload changes in the software. Imagine the change is
wrong or breaks something else: how would this show up?
* It is assumed that any SRU candidate patch is well-tested before
upload and has a low overall risk of regression, but it's important
to make the effort to think about what ''could'' happen in the
event of a regression.
* This must '''never''' be "None" or "Low", or entirely an argument as to why
your upload is low risk.
* This both shows the SRU team that the risks have been considered,
and provides guidance to testers in regression-testing the SRU.
[ Other Info ]
* Anything else you think is useful to include
* Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
* and address these questions in advance
[ Original Description ]
The fix for bug #2032805 allows chronyd to use one PTP clock/interface with timemaster, but not more than one.
Steps to reproduce (config must contain valid network interface names):
$ cat > minimal_timemaster.conf
# List two separate interfaces, or two separate domains with the same interface:
# [ptp_domain 0]
# interfaces ens1f0np0
[ptp_domain 127]
interfaces ens1f0np0 ens1f1np1
$ sudo timemaster -m -q -f minimal_timemaster.conf
timemaster[533042.285]: process 2755518 started: chronyd -n -f /var/run/timemaster/chrony.conf
timemaster[533042.285]: process 2755520 started: phc2sys -l 5 -a -r -R 1.00 -z /var/run/timemaster/ptp4l.0.socket -t [127:ens1f0np0] -n 127 -E refclock_sock --refclock_sock_address /var/run/timemaster/chrony.SOCK0
timemaster[533042.286]: process 2755522 started: phc2sys -l 5 -a -r -R 1.00 -z /var/run/timemaster/ptp4l.1.socket -t [127:ens1f1np1] -n 127 -E refclock_sock --refclock_sock_address /var/run/timemaster/chrony.SOCK1
Fatal error : Could not open socket /var/run/timemaster/chrony.SOCK1
...
Quickfix:
sudo sed -i 's|@{run}/timemaster/chrony.SOCK0 rw,|@{run}/timemaster/chrony.SOCK[0-9]* rw,|' /etc/apparmor.d/usr.sbin.chronyd
sudo systemctl reload apparmor
Expected output:
The timemaster command continues to run until pressing CTRL+C
$ lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
chrony:
Installed: 4.5-1ubuntu4
Candidate: 4.5-1ubuntu4
linuxptp:
Installed: 4.0-1ubuntu1
Candidate: 4.0-1ubuntu1
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: linuxptp 4.0-1ubuntu1
ProcVersionSignature: Ubuntu 6.8.0-31.31-generic 6.8.1
Uname: Linux 6.8.0-31-generic x86_64
NonfreeKernelModules: tsoffload linkout
ApportVersion: 2.28.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: pass
Date: Wed Jun 5 21:53:26 2024
Dependencies:
gcc-14-base 14-20240412-0ubuntu1
libc6 2.39-0ubuntu8.2
libgcc-s1 14-20240412-0ubuntu1
libidn2-0 2.3.7-2build1
libunistring5 1.1-2build1
InstallationDate: Installed on 2024-05-14 (22 days ago)
InstallationMedia: Ubuntu-Server 24.04 LTS "Noble Numbat" - Release amd64 (20240423)
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: linuxptp
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.linuxptp.timemaster.conf: [modified]
mtime.conffile..etc.linuxptp.timemaster.conf: 2024-06-05T19:08:29.036254 |
[ Impact ]
The chronyd apparmor profile was changed as a fix for bug #2032805 to allow chronyd to read/write a linuxptp timemaster socket:
@{run}/timemaster/chrony.SOCK0 rw,
That works, but is limiting, as it allows only one PTP clock/interface to be used. If another one is setup, the other socket will be blocked by apparmor, because its name will be "chrony.SOCK1", and so on.
The fix is to simply expand the apparmor rule to allow for more socket files:
@{run}/timemaster/chrony.SOCK[0-9]* rw,
[ Test Plan ]
* Launch a VM. For example:
lxc launch ubuntu-daily:oracular o-ptp --vm
* Install chrony and linuxptp in the VM:
sudo apt update && sudo apt install chrony linuxptp -y
* stop chrony:
sudo systemctl stop chrony.service
* Create a config file for timemaster, replacing the interface name with the one that exists in the VM:
/etc/linuxptp/minimal.conf:
[ptp_domain 0]
interfaces enp5s0
[ptp_domain 127]
interfaces enp5s0
* in one terminal, observe the output of "dmesg -wT | grep timemaster"
* in another terminal, run this command:
sudo timemaster -m -q -f /etc/linuxptp/minimal.conf
* In a system with the bug, the command will issue a "Fatal error" like this:
Fatal error : Could not open socket /var/run/timemaster/chrony.SOCK1
* At the same time, the system with the bug will also log this line in the "dmesg -wT" terminal:
[Tue Jul 2 20:08:12 2024] audit: type=1400 audit(1719950892.125:129): apparmor="DENIED" operation="mknod" class="file" profile="/usr/sbin/chronyd" name="/run/timemaster/chrony.SOCK1" pid=1942 comm="chronyd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
* In a fixed system, there will be no apparmor log in the "dmesg -wT" terminal, and the "timemaster" command will run without errors, and won't exit.
[ Where problems could occur ]
* Think about what the upload changes in the software. Imagine the change is
wrong or breaks something else: how would this show up?
* It is assumed that any SRU candidate patch is well-tested before
upload and has a low overall risk of regression, but it's important
to make the effort to think about what ''could'' happen in the
event of a regression.
* This must '''never''' be "None" or "Low", or entirely an argument as to why
your upload is low risk.
* This both shows the SRU team that the risks have been considered,
and provides guidance to testers in regression-testing the SRU.
[ Other Info ]
* Anything else you think is useful to include
* Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
* and address these questions in advance
[ Original Description ]
The fix for bug #2032805 allows chronyd to use one PTP clock/interface with timemaster, but not more than one.
Steps to reproduce (config must contain valid network interface names):
$ cat > minimal_timemaster.conf
# List two separate interfaces, or two separate domains with the same interface:
# [ptp_domain 0]
# interfaces ens1f0np0
[ptp_domain 127]
interfaces ens1f0np0 ens1f1np1
$ sudo timemaster -m -q -f minimal_timemaster.conf
timemaster[533042.285]: process 2755518 started: chronyd -n -f /var/run/timemaster/chrony.conf
timemaster[533042.285]: process 2755520 started: phc2sys -l 5 -a -r -R 1.00 -z /var/run/timemaster/ptp4l.0.socket -t [127:ens1f0np0] -n 127 -E refclock_sock --refclock_sock_address /var/run/timemaster/chrony.SOCK0
timemaster[533042.286]: process 2755522 started: phc2sys -l 5 -a -r -R 1.00 -z /var/run/timemaster/ptp4l.1.socket -t [127:ens1f1np1] -n 127 -E refclock_sock --refclock_sock_address /var/run/timemaster/chrony.SOCK1
Fatal error : Could not open socket /var/run/timemaster/chrony.SOCK1
...
Quickfix:
sudo sed -i 's|@{run}/timemaster/chrony.SOCK0 rw,|@{run}/timemaster/chrony.SOCK[0-9]* rw,|' /etc/apparmor.d/usr.sbin.chronyd
sudo systemctl reload apparmor
Expected output:
The timemaster command continues to run until pressing CTRL+C
$ lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
chrony:
Installed: 4.5-1ubuntu4
Candidate: 4.5-1ubuntu4
linuxptp:
Installed: 4.0-1ubuntu1
Candidate: 4.0-1ubuntu1
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: linuxptp 4.0-1ubuntu1
ProcVersionSignature: Ubuntu 6.8.0-31.31-generic 6.8.1
Uname: Linux 6.8.0-31-generic x86_64
NonfreeKernelModules: tsoffload linkout
ApportVersion: 2.28.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: pass
Date: Wed Jun 5 21:53:26 2024
Dependencies:
gcc-14-base 14-20240412-0ubuntu1
libc6 2.39-0ubuntu8.2
libgcc-s1 14-20240412-0ubuntu1
libidn2-0 2.3.7-2build1
libunistring5 1.1-2build1
InstallationDate: Installed on 2024-05-14 (22 days ago)
InstallationMedia: Ubuntu-Server 24.04 LTS "Noble Numbat" - Release amd64 (20240423)
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: linuxptp
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.linuxptp.timemaster.conf: [modified]
mtime.conffile..etc.linuxptp.timemaster.conf: 2024-06-05T19:08:29.036254 |
|
| 2024-07-02 20:14:01 |
Andreas Hasenack |
description |
[ Impact ]
The chronyd apparmor profile was changed as a fix for bug #2032805 to allow chronyd to read/write a linuxptp timemaster socket:
@{run}/timemaster/chrony.SOCK0 rw,
That works, but is limiting, as it allows only one PTP clock/interface to be used. If another one is setup, the other socket will be blocked by apparmor, because its name will be "chrony.SOCK1", and so on.
The fix is to simply expand the apparmor rule to allow for more socket files:
@{run}/timemaster/chrony.SOCK[0-9]* rw,
[ Test Plan ]
* Launch a VM. For example:
lxc launch ubuntu-daily:oracular o-ptp --vm
* Install chrony and linuxptp in the VM:
sudo apt update && sudo apt install chrony linuxptp -y
* stop chrony:
sudo systemctl stop chrony.service
* Create a config file for timemaster, replacing the interface name with the one that exists in the VM:
/etc/linuxptp/minimal.conf:
[ptp_domain 0]
interfaces enp5s0
[ptp_domain 127]
interfaces enp5s0
* in one terminal, observe the output of "dmesg -wT | grep timemaster"
* in another terminal, run this command:
sudo timemaster -m -q -f /etc/linuxptp/minimal.conf
* In a system with the bug, the command will issue a "Fatal error" like this:
Fatal error : Could not open socket /var/run/timemaster/chrony.SOCK1
* At the same time, the system with the bug will also log this line in the "dmesg -wT" terminal:
[Tue Jul 2 20:08:12 2024] audit: type=1400 audit(1719950892.125:129): apparmor="DENIED" operation="mknod" class="file" profile="/usr/sbin/chronyd" name="/run/timemaster/chrony.SOCK1" pid=1942 comm="chronyd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
* In a fixed system, there will be no apparmor log in the "dmesg -wT" terminal, and the "timemaster" command will run without errors, and won't exit.
[ Where problems could occur ]
* Think about what the upload changes in the software. Imagine the change is
wrong or breaks something else: how would this show up?
* It is assumed that any SRU candidate patch is well-tested before
upload and has a low overall risk of regression, but it's important
to make the effort to think about what ''could'' happen in the
event of a regression.
* This must '''never''' be "None" or "Low", or entirely an argument as to why
your upload is low risk.
* This both shows the SRU team that the risks have been considered,
and provides guidance to testers in regression-testing the SRU.
[ Other Info ]
* Anything else you think is useful to include
* Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
* and address these questions in advance
[ Original Description ]
The fix for bug #2032805 allows chronyd to use one PTP clock/interface with timemaster, but not more than one.
Steps to reproduce (config must contain valid network interface names):
$ cat > minimal_timemaster.conf
# List two separate interfaces, or two separate domains with the same interface:
# [ptp_domain 0]
# interfaces ens1f0np0
[ptp_domain 127]
interfaces ens1f0np0 ens1f1np1
$ sudo timemaster -m -q -f minimal_timemaster.conf
timemaster[533042.285]: process 2755518 started: chronyd -n -f /var/run/timemaster/chrony.conf
timemaster[533042.285]: process 2755520 started: phc2sys -l 5 -a -r -R 1.00 -z /var/run/timemaster/ptp4l.0.socket -t [127:ens1f0np0] -n 127 -E refclock_sock --refclock_sock_address /var/run/timemaster/chrony.SOCK0
timemaster[533042.286]: process 2755522 started: phc2sys -l 5 -a -r -R 1.00 -z /var/run/timemaster/ptp4l.1.socket -t [127:ens1f1np1] -n 127 -E refclock_sock --refclock_sock_address /var/run/timemaster/chrony.SOCK1
Fatal error : Could not open socket /var/run/timemaster/chrony.SOCK1
...
Quickfix:
sudo sed -i 's|@{run}/timemaster/chrony.SOCK0 rw,|@{run}/timemaster/chrony.SOCK[0-9]* rw,|' /etc/apparmor.d/usr.sbin.chronyd
sudo systemctl reload apparmor
Expected output:
The timemaster command continues to run until pressing CTRL+C
$ lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
chrony:
Installed: 4.5-1ubuntu4
Candidate: 4.5-1ubuntu4
linuxptp:
Installed: 4.0-1ubuntu1
Candidate: 4.0-1ubuntu1
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: linuxptp 4.0-1ubuntu1
ProcVersionSignature: Ubuntu 6.8.0-31.31-generic 6.8.1
Uname: Linux 6.8.0-31-generic x86_64
NonfreeKernelModules: tsoffload linkout
ApportVersion: 2.28.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: pass
Date: Wed Jun 5 21:53:26 2024
Dependencies:
gcc-14-base 14-20240412-0ubuntu1
libc6 2.39-0ubuntu8.2
libgcc-s1 14-20240412-0ubuntu1
libidn2-0 2.3.7-2build1
libunistring5 1.1-2build1
InstallationDate: Installed on 2024-05-14 (22 days ago)
InstallationMedia: Ubuntu-Server 24.04 LTS "Noble Numbat" - Release amd64 (20240423)
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: linuxptp
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.linuxptp.timemaster.conf: [modified]
mtime.conffile..etc.linuxptp.timemaster.conf: 2024-06-05T19:08:29.036254 |
[ Impact ]
The chronyd apparmor profile was changed as a fix for bug #2032805 to allow chronyd to read/write a linuxptp timemaster socket:
@{run}/timemaster/chrony.SOCK0 rw,
That works, but is limiting, as it allows only one PTP clock/interface to be used. If another one is setup, the other socket will be blocked by apparmor, because its name will be "chrony.SOCK1", and so on.
The fix is to simply expand the apparmor rule to allow for more socket files:
@{run}/timemaster/chrony.SOCK[0-9]* rw,
[ Test Plan ]
* Launch a VM. For example:
lxc launch ubuntu-daily:oracular o-ptp --vm
* Install chrony and linuxptp in the VM:
sudo apt update && sudo apt install chrony linuxptp -y
* stop chrony:
sudo systemctl stop chrony.service
* Create a config file for timemaster, replacing the interface name with the one that exists in the VM:
/etc/linuxptp/minimal.conf:
[ptp_domain 0]
interfaces enp5s0
[ptp_domain 127]
interfaces enp5s0
* in one terminal, observe the output of "dmesg -wT | grep timemaster"
* in another terminal, run this command:
sudo timemaster -m -q -f /etc/linuxptp/minimal.conf
* In a system with the bug, the command will issue a "Fatal error" like this:
Fatal error : Could not open socket /var/run/timemaster/chrony.SOCK1
* At the same time, the system with the bug will also log this line in the "dmesg -wT" terminal:
[Tue Jul 2 20:08:12 2024] audit: type=1400 audit(1719950892.125:129): apparmor="DENIED" operation="mknod" class="file" profile="/usr/sbin/chronyd" name="/run/timemaster/chrony.SOCK1" pid=1942 comm="chronyd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
* In a fixed system, there will be no apparmor log in the "dmesg -wT" terminal, and the "timemaster" command will run without errors, and won't exit.
[ Where problems could occur ]
This is expanding an existing apparmor rule with the globbing rules chrony.SOCK[0-9]* which will match not only the original SOCK0 extension, but many more with a numerical suffix. That is not blocking more patterns, not less, and the original one is included in the globbing.
There is risk in a syntax error in the apparmor profile, which would prevent it from loading at runtime. This should be detected if the test plan is followed.
[ Other Info ]
Not at this time.
[ Original Description ]
The fix for bug #2032805 allows chronyd to use one PTP clock/interface with timemaster, but not more than one.
Steps to reproduce (config must contain valid network interface names):
$ cat > minimal_timemaster.conf
# List two separate interfaces, or two separate domains with the same interface:
# [ptp_domain 0]
# interfaces ens1f0np0
[ptp_domain 127]
interfaces ens1f0np0 ens1f1np1
$ sudo timemaster -m -q -f minimal_timemaster.conf
timemaster[533042.285]: process 2755518 started: chronyd -n -f /var/run/timemaster/chrony.conf
timemaster[533042.285]: process 2755520 started: phc2sys -l 5 -a -r -R 1.00 -z /var/run/timemaster/ptp4l.0.socket -t [127:ens1f0np0] -n 127 -E refclock_sock --refclock_sock_address /var/run/timemaster/chrony.SOCK0
timemaster[533042.286]: process 2755522 started: phc2sys -l 5 -a -r -R 1.00 -z /var/run/timemaster/ptp4l.1.socket -t [127:ens1f1np1] -n 127 -E refclock_sock --refclock_sock_address /var/run/timemaster/chrony.SOCK1
Fatal error : Could not open socket /var/run/timemaster/chrony.SOCK1
...
Quickfix:
sudo sed -i 's|@{run}/timemaster/chrony.SOCK0 rw,|@{run}/timemaster/chrony.SOCK[0-9]* rw,|' /etc/apparmor.d/usr.sbin.chronyd
sudo systemctl reload apparmor
Expected output:
The timemaster command continues to run until pressing CTRL+C
$ lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
chrony:
Installed: 4.5-1ubuntu4
Candidate: 4.5-1ubuntu4
linuxptp:
Installed: 4.0-1ubuntu1
Candidate: 4.0-1ubuntu1
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: linuxptp 4.0-1ubuntu1
ProcVersionSignature: Ubuntu 6.8.0-31.31-generic 6.8.1
Uname: Linux 6.8.0-31-generic x86_64
NonfreeKernelModules: tsoffload linkout
ApportVersion: 2.28.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: pass
Date: Wed Jun 5 21:53:26 2024
Dependencies:
gcc-14-base 14-20240412-0ubuntu1
libc6 2.39-0ubuntu8.2
libgcc-s1 14-20240412-0ubuntu1
libidn2-0 2.3.7-2build1
libunistring5 1.1-2build1
InstallationDate: Installed on 2024-05-14 (22 days ago)
InstallationMedia: Ubuntu-Server 24.04 LTS "Noble Numbat" - Release amd64 (20240423)
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: linuxptp
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.linuxptp.timemaster.conf: [modified]
mtime.conffile..etc.linuxptp.timemaster.conf: 2024-06-05T19:08:29.036254 |
|
| 2024-07-02 20:15:28 |
Andreas Hasenack |
description |
[ Impact ]
The chronyd apparmor profile was changed as a fix for bug #2032805 to allow chronyd to read/write a linuxptp timemaster socket:
@{run}/timemaster/chrony.SOCK0 rw,
That works, but is limiting, as it allows only one PTP clock/interface to be used. If another one is setup, the other socket will be blocked by apparmor, because its name will be "chrony.SOCK1", and so on.
The fix is to simply expand the apparmor rule to allow for more socket files:
@{run}/timemaster/chrony.SOCK[0-9]* rw,
[ Test Plan ]
* Launch a VM. For example:
lxc launch ubuntu-daily:oracular o-ptp --vm
* Install chrony and linuxptp in the VM:
sudo apt update && sudo apt install chrony linuxptp -y
* stop chrony:
sudo systemctl stop chrony.service
* Create a config file for timemaster, replacing the interface name with the one that exists in the VM:
/etc/linuxptp/minimal.conf:
[ptp_domain 0]
interfaces enp5s0
[ptp_domain 127]
interfaces enp5s0
* in one terminal, observe the output of "dmesg -wT | grep timemaster"
* in another terminal, run this command:
sudo timemaster -m -q -f /etc/linuxptp/minimal.conf
* In a system with the bug, the command will issue a "Fatal error" like this:
Fatal error : Could not open socket /var/run/timemaster/chrony.SOCK1
* At the same time, the system with the bug will also log this line in the "dmesg -wT" terminal:
[Tue Jul 2 20:08:12 2024] audit: type=1400 audit(1719950892.125:129): apparmor="DENIED" operation="mknod" class="file" profile="/usr/sbin/chronyd" name="/run/timemaster/chrony.SOCK1" pid=1942 comm="chronyd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
* In a fixed system, there will be no apparmor log in the "dmesg -wT" terminal, and the "timemaster" command will run without errors, and won't exit.
[ Where problems could occur ]
This is expanding an existing apparmor rule with the globbing rules chrony.SOCK[0-9]* which will match not only the original SOCK0 extension, but many more with a numerical suffix. That is not blocking more patterns, not less, and the original one is included in the globbing.
There is risk in a syntax error in the apparmor profile, which would prevent it from loading at runtime. This should be detected if the test plan is followed.
[ Other Info ]
Not at this time.
[ Original Description ]
The fix for bug #2032805 allows chronyd to use one PTP clock/interface with timemaster, but not more than one.
Steps to reproduce (config must contain valid network interface names):
$ cat > minimal_timemaster.conf
# List two separate interfaces, or two separate domains with the same interface:
# [ptp_domain 0]
# interfaces ens1f0np0
[ptp_domain 127]
interfaces ens1f0np0 ens1f1np1
$ sudo timemaster -m -q -f minimal_timemaster.conf
timemaster[533042.285]: process 2755518 started: chronyd -n -f /var/run/timemaster/chrony.conf
timemaster[533042.285]: process 2755520 started: phc2sys -l 5 -a -r -R 1.00 -z /var/run/timemaster/ptp4l.0.socket -t [127:ens1f0np0] -n 127 -E refclock_sock --refclock_sock_address /var/run/timemaster/chrony.SOCK0
timemaster[533042.286]: process 2755522 started: phc2sys -l 5 -a -r -R 1.00 -z /var/run/timemaster/ptp4l.1.socket -t [127:ens1f1np1] -n 127 -E refclock_sock --refclock_sock_address /var/run/timemaster/chrony.SOCK1
Fatal error : Could not open socket /var/run/timemaster/chrony.SOCK1
...
Quickfix:
sudo sed -i 's|@{run}/timemaster/chrony.SOCK0 rw,|@{run}/timemaster/chrony.SOCK[0-9]* rw,|' /etc/apparmor.d/usr.sbin.chronyd
sudo systemctl reload apparmor
Expected output:
The timemaster command continues to run until pressing CTRL+C
$ lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
chrony:
Installed: 4.5-1ubuntu4
Candidate: 4.5-1ubuntu4
linuxptp:
Installed: 4.0-1ubuntu1
Candidate: 4.0-1ubuntu1
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: linuxptp 4.0-1ubuntu1
ProcVersionSignature: Ubuntu 6.8.0-31.31-generic 6.8.1
Uname: Linux 6.8.0-31-generic x86_64
NonfreeKernelModules: tsoffload linkout
ApportVersion: 2.28.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: pass
Date: Wed Jun 5 21:53:26 2024
Dependencies:
gcc-14-base 14-20240412-0ubuntu1
libc6 2.39-0ubuntu8.2
libgcc-s1 14-20240412-0ubuntu1
libidn2-0 2.3.7-2build1
libunistring5 1.1-2build1
InstallationDate: Installed on 2024-05-14 (22 days ago)
InstallationMedia: Ubuntu-Server 24.04 LTS "Noble Numbat" - Release amd64 (20240423)
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: linuxptp
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.linuxptp.timemaster.conf: [modified]
mtime.conffile..etc.linuxptp.timemaster.conf: 2024-06-05T19:08:29.036254 |
[ Impact ]
The chronyd apparmor profile was changed as a fix for bug #2032805 to allow chronyd to read/write a linuxptp timemaster socket:
@{run}/timemaster/chrony.SOCK0 rw,
That works, but is limiting, as it allows only one PTP clock/interface to be used. If another one is setup, the other socket will be blocked by apparmor, because its name will be "chrony.SOCK1", and so on.
The fix is to simply expand the apparmor rule to allow for more socket files:
@{run}/timemaster/chrony.SOCK[0-9]* rw,
[ Test Plan ]
* Launch a VM. For example:
lxc launch ubuntu-daily:noble n-ptp --vm
* Install chrony and linuxptp in the VM:
sudo apt update && sudo apt install chrony linuxptp -y
* stop chrony:
sudo systemctl stop chrony.service
* Create a config file for timemaster, replacing the interface name with the one that exists in the VM:
/etc/linuxptp/minimal.conf:
[ptp_domain 0]
interfaces enp5s0
[ptp_domain 127]
interfaces enp5s0
* in one terminal, observe the output of "dmesg -wT | grep timemaster"
* in another terminal, run this command:
sudo timemaster -m -q -f /etc/linuxptp/minimal.conf
* In a system with the bug, the command will issue a "Fatal error" like this:
Fatal error : Could not open socket /var/run/timemaster/chrony.SOCK1
* At the same time, the system with the bug will also log this line in the "dmesg -wT" terminal:
[Tue Jul 2 20:08:12 2024] audit: type=1400 audit(1719950892.125:129): apparmor="DENIED" operation="mknod" class="file" profile="/usr/sbin/chronyd" name="/run/timemaster/chrony.SOCK1" pid=1942 comm="chronyd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
* In a fixed system, there will be no apparmor log in the "dmesg -wT" terminal, and the "timemaster" command will run without errors, and won't exit.
[ Where problems could occur ]
This is expanding an existing apparmor rule with the globbing rules chrony.SOCK[0-9]* which will match not only the original SOCK0 extension, but many more with a numerical suffix. That is not blocking more patterns, not less, and the original one is included in the globbing.
There is risk in a syntax error in the apparmor profile, which would prevent it from loading at runtime. This should be detected if the test plan is followed.
[ Other Info ]
Not at this time.
[ Original Description ]
The fix for bug #2032805 allows chronyd to use one PTP clock/interface with timemaster, but not more than one.
Steps to reproduce (config must contain valid network interface names):
$ cat > minimal_timemaster.conf
# List two separate interfaces, or two separate domains with the same interface:
# [ptp_domain 0]
# interfaces ens1f0np0
[ptp_domain 127]
interfaces ens1f0np0 ens1f1np1
$ sudo timemaster -m -q -f minimal_timemaster.conf
timemaster[533042.285]: process 2755518 started: chronyd -n -f /var/run/timemaster/chrony.conf
timemaster[533042.285]: process 2755520 started: phc2sys -l 5 -a -r -R 1.00 -z /var/run/timemaster/ptp4l.0.socket -t [127:ens1f0np0] -n 127 -E refclock_sock --refclock_sock_address /var/run/timemaster/chrony.SOCK0
timemaster[533042.286]: process 2755522 started: phc2sys -l 5 -a -r -R 1.00 -z /var/run/timemaster/ptp4l.1.socket -t [127:ens1f1np1] -n 127 -E refclock_sock --refclock_sock_address /var/run/timemaster/chrony.SOCK1
Fatal error : Could not open socket /var/run/timemaster/chrony.SOCK1
...
Quickfix:
sudo sed -i 's|@{run}/timemaster/chrony.SOCK0 rw,|@{run}/timemaster/chrony.SOCK[0-9]* rw,|' /etc/apparmor.d/usr.sbin.chronyd
sudo systemctl reload apparmor
Expected output:
The timemaster command continues to run until pressing CTRL+C
$ lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
chrony:
Installed: 4.5-1ubuntu4
Candidate: 4.5-1ubuntu4
linuxptp:
Installed: 4.0-1ubuntu1
Candidate: 4.0-1ubuntu1
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: linuxptp 4.0-1ubuntu1
ProcVersionSignature: Ubuntu 6.8.0-31.31-generic 6.8.1
Uname: Linux 6.8.0-31-generic x86_64
NonfreeKernelModules: tsoffload linkout
ApportVersion: 2.28.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: pass
Date: Wed Jun 5 21:53:26 2024
Dependencies:
gcc-14-base 14-20240412-0ubuntu1
libc6 2.39-0ubuntu8.2
libgcc-s1 14-20240412-0ubuntu1
libidn2-0 2.3.7-2build1
libunistring5 1.1-2build1
InstallationDate: Installed on 2024-05-14 (22 days ago)
InstallationMedia: Ubuntu-Server 24.04 LTS "Noble Numbat" - Release amd64 (20240423)
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: linuxptp
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.linuxptp.timemaster.conf: [modified]
mtime.conffile..etc.linuxptp.timemaster.conf: 2024-06-05T19:08:29.036254 |
|
| 2024-07-02 20:19:26 |
Andreas Hasenack |
merge proposal linked |
|
https://code.launchpad.net/~git-ubuntu-import/ubuntu/+source/chrony/+git/chrony/+merge/468625 |
|
| 2024-07-02 20:24:40 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~ahasenack/ubuntu/+source/chrony/+git/chrony/+merge/468626 |
|
| 2024-07-02 20:51:42 |
Andreas Hasenack |
merge proposal linked |
|
https://code.launchpad.net/~ahasenack/ubuntu/+source/chrony/+git/chrony/+merge/468629 |
|
| 2024-07-08 20:15:36 |
Launchpad Janitor |
chrony (Ubuntu Oracular): status |
In Progress |
Fix Released |
|
| 2024-07-10 14:24:56 |
Robie Basak |
chrony (Ubuntu Noble): status |
New |
Fix Committed |
|
| 2024-07-10 14:24:58 |
Robie Basak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2024-07-10 14:25:02 |
Robie Basak |
bug |
|
|
added subscriber SRU Verification |
| 2024-07-10 14:25:14 |
Robie Basak |
tags |
amd64 apport-bug noble |
amd64 apport-bug noble verification-needed verification-needed-noble |
|
