Re: [chrony-users] chronyc serverstats => 501 not autorized

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]

To: Miroslav Lichvar <mlichvar@xxxxxxxxxx>, chrony-users@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [chrony-users] chronyc serverstats => 501 not autorized
From: Gerd Hoerst <gerd@xxxxxxxxxx>
Date: Thu, 20 Nov 2025 18:38:10 +0100
Dkim-signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=hoerst.net; i=@hoerst.net; q=dns/txt; s=ed25519; t=1763660289; h=from : sender : reply-to : date : message-id : to : cc : content-transfer-encoding : content-id : content-description : resent-date : resent-from : resent-sender : resent-to : resent-cc : resent-message-id : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; bh=hJj7/RuLkf87FdWkU7uPEj7CxVHSGTxxIDNvxk2I4XI=; b=9TvCFw84N1PJjf4TODnRI81Dc+EzmCO5HukbpVpjEGM82WGHCNZVFQ2KtP8epi/fN6mE0 wwupbKEUP/3ZrkuAQ==
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hoerst.net; i=@hoerst.net; q=dns/txt; s=default; t=1763660289; h=from : sender : reply-to : date : message-id : to : cc : content-transfer-encoding : content-id : content-description : resent-date : resent-from : resent-sender : resent-to : resent-cc : resent-message-id : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; bh=hJj7/RuLkf87FdWkU7uPEj7CxVHSGTxxIDNvxk2I4XI=; b=P4f8wGorE4B5QaemHc4cpv055uHzbxfj/uJV8SJ2xvoPkmZt/eQLd5RU4kqekXRh7fJS8 bg0nfL9jgevGqIZYoxn9zPF9XuB10ysuUjNtQp627pgeY7404dfL9ZLM/c3as/fOhgE6weB 6ABws+IlMI7j6L7S3F2GMAzkO7Bvapgxr6VI+uSWBerd5yRa6mnEdX4qLtQEzxMGCiaCc5z po6VY3EwgKrfPdCKLBkT9M3tie0GZ+XGpThRz6H2fQG8x6omwbicJlOss9EargaY3AONcrk K22Q3f/QNwrEeggBt8+FE/0T4QHbavUfnrmd+2H1AerqmDkZsyFCzyVzEsTg==

Hi !

This is the syslog failure...

2025-11-20T18:36:00.162723+01:00 capricorn kernel: audit: type=1400audit(1763660160.160:1399): apparmor="DENIED" operation="se ndmsg" class="file"profile="/usr/sbin/chronyd"name="/run/chrony/chronyc.137314/kZXsY1DaPSMkEEhv/sock" pid=137314comm="chrony c"requested_mask="r" denied_mask="r" fsuid=138 ouid=0

I do not understand why my apparmor is running... its nrmally the firstthing i disable , when i hav a problem


Ciao Gerd

Am 20.11.2025 um 10:25 schrieb Miroslav Lichvar:

On Thu, Nov 20, 2025 at 10:03:45AM +0100, Gerd Hoerst wrote:

Hi !

OK you are right... iwas kind of confused because in apparmor is only a
profile for /usr/sbin/chronyd
So do i need a profile for /usr/bin/chronyc with same settings as for
chronyd ?

I'm not very familiar. First, I'd try to change the following line in
the chrony policy:

@{run}/chrony/{,*} rw,

to

@{run}/chrony/{,**} rw,

(extra asterisk)

--

To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxxwith "unsubscribe" in the subject.For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxxwith "help" in the subject.

Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

References:
- Re: [chrony-users] chronyc serverstats => 501 not autorized
  - From: Miroslav Lichvar
- Re: [chrony-users] chronyc serverstats => 501 not autorized
  - From: Gerd Hoerst
- Re: [chrony-users] chronyc serverstats => 501 not autorized
  - From: Miroslav Lichvar
- Re: [chrony-users] chronyc serverstats => 501 not autorized
  - From: Gerd Hoerst
- Re: [chrony-users] chronyc serverstats => 501 not autorized
  - From: Miroslav Lichvar
- Re: [chrony-users] chronyc serverstats => 501 not autorized
  - From: Gerd Hoerst
- Re: [chrony-users] chronyc serverstats => 501 not autorized
  - From: Miroslav Lichvar
- Re: [chrony-users] chronyc serverstats => 501 not autorized
  - From: Gerd Hoerst
- Re: [chrony-users] chronyc serverstats => 501 not autorized
  - From: Miroslav Lichvar

Messages sorted by: [ date | thread ]
Prev by Date: Re: [chrony-users] chronyc serverstats => 501 not autorized
Previous by thread: Re: [chrony-users] chronyc serverstats => 501 not autorized

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/