Control: severity -1 important Control: tags -1 moreinfo Hi Ryan,
Le 2023-04-17 14:54, Ryan Govostes a écrit :
> Package: chrony
> Version: 4.3
> Severity: normal
> X-Debbugs-Cc: rgovos...@gmail.com
>
> Dear Maintainer,
>
> gpsd and chronyd can communicate via domain sockets such as
> /var/run/chrony.ttyS0.sock. chronyd creates the sockets and gpsd connects to
> them.
>
> However, the AppArmor profile for chronyd is too strict; it only allows the
> creation of sockets for tty devices, and not pps devices.
>
> @{run}/chrony.tty{,*}.sock rw,
Indeed, this rule is too restrictive…
> The corresponding rules on the gpsd profile are:
>
> /{,var/}run/chrony.tty{,S,USB,AMA}[0-9]*.sock rw,
> /tmp/chrony.tty{,S,USB,AMA}[0-9]*.sock rw,
>
> Could these be relaxed to allow /var/run/chrony.*.sock?
…This might be too permissive though. Could you please tell me if changing the
rule to "@{run}/chrony{,.clk}.{tty,pps}*.sock rw," meets your need?
> Ryan
Cheers,
Vincent
P.S: run "apparmor_parser -r /etc/apparmor.d/usr.sbin.chronyd" after modifying
the profile.
signature.asc
Description: PGP signature
