apparmor prevents ntp from reading gpsd

Bug #722815 reported by John Nogatch on 2011-02-21
This bug affects 2 people
Affects Status Importance Assigned to Milestone
ntp (Ubuntu)
Kees Cook

Bug Description

Binary package hint: ntp

Ubuntu 10.10
ntp 1:4.2.4p8+dfsg-1ubuntu6

With gpsd installed and a USB GPS device plugged in, xgps shows that GPS data is available, but "ntpq -p" does not display it. "server" and "fudge" lines had already been added to /etc/ntp.conf & ntp restarted.

/etc/apparmor.d/usr.sbin.ntpd needs to have 1 line added, "capability ipc_owner," (after the line "capability ipc_lock,") and then apparmor and ntp need to be restarted. "ntpq -p" then shows the time obtained from the GPS.

The man page for shmat(2) indicates that EACCES is returned if the process lacks CAP_IPC_OWNER. Perhaps if ntp requested access with SHM_RDONLY, owner capability might not be required? Does adding "capability ipc_owner," open a security hole?

Related branches

Changed in ntp (Ubuntu):
importance: Undecided → Low
status: New → Confirmed
John Nogatch (jnogatch) wrote :

My previous patch file was made incorrectly. This new patch file has the files in correct order, with full pathname.

tags: added: patch
Lefteris (lefterists) wrote :

A quick hack (not recommended though as it most likely gives ntpd access to shm and opens up a security hole) is to edit /etc/apparmor.d/tunables/ntpd and use:


Kees Cook (kees) wrote :

Thanks for tracking this down! Unfortunately, ipc_owner is a rather strong capability (allows access to all shared memory), and it looks like ntpd expects to actually write to the memory region (e.g. "shm->valid = 0" is in the code), so SHM_RDONLY doesn't seem viable either. Instead, I've added a note to the AppArmor profile itself pointing people to the right option if they want to enable it for their local system (since it doesn't seem appropriate to do this by default for all ntpd users).

Changed in ntp (Ubuntu):
status: Confirmed → Fix Committed
assignee: nobody → Kees Cook (kees)
importance: Low → Wishlist
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ntp - 1:4.2.6.p2+dfsg-1ubuntu5

ntp (1:4.2.6.p2+dfsg-1ubuntu5) natty; urgency=low

  * debian/apparmor-profile: add note about using shared memory for
    a clock source (LP: #722815).
 -- Kees Cook <email address hidden> Thu, 10 Mar 2011 12:54:59 -0800

Changed in ntp (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers