403Webshell
Server IP : 13.213.54.232  /  Your IP : 216.73.216.209
Web Server : Apache/2.4.52 (Ubuntu)
System : Linux ip-172-31-17-110 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64
User : www-data ( 33)
PHP Version : 7.1.33-67+ubuntu22.04.1+deb.sury.org+1
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /etc/apparmor.d/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /etc/apparmor.d/usr.sbin.chronyd
# vim:syntax=apparmor
# Last Modified: Sun Sep 05 16:48:05 2021

abi <abi/3.0>,

#include <tunables/global>

/usr/sbin/chronyd flags=(attach_disconnected) {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  # For /run/chrony to be created
  capability chown,

  # Give “root” the ability to read and write the PID file
  capability dac_override,
  capability dac_read_search,

  # Needed to support HW timestamping
  capability net_admin,

  # Needed to allow NTP server sockets to be bound to a privileged port
  capability net_bind_service,

  # Needed to allow an NTP socket to be bound to a device using the
  # SO_BINDTODEVICE socket option on kernels before 5.7
  capability net_raw,

  # Needed to drop privileges
  capability setgid,
  capability setuid,

  # Needed to set the SCHED_FIFO real-time scheduler at the specified priority
  # using the '-P' option
  capability sys_nice,

  # Needed to lock chronyd into RAM
  capability sys_resource,

  # Needed to set the system/real-time clock
  capability sys_time,

  /usr/sbin/chronyd mr,

  /etc/chrony/{,**} r,
  /var/lib/chrony/{,*} rw,
  /var/log/chrony/{,*} rw,
  @{run}/chrony/{,*} rw,
  @{run}/chrony-dhcp/{,*} r,

  # Using the “tempcomp” directive gives chronyd the ability to improve
  # the stability and accuracy of the clock by compensating the temperature
  # changes measured by a sensor close to the oscillator.
  @{sys}/class/hwmon/hwmon[0-9]*/temp[0-9]*_input r,
  @{sys}/devices/virtual/thermal/thermal_zone[0-9]*/hwmon[0-9]*/temp[0-9]*_input r,

  # Support all paths suggested in the man page (LP: #1771028). Assume these
  # are common use cases; others should be set as local include (see below).
  # Configs using a 'chrony.' prefix like the tempcomp config file example
  /etc/chrony.* r,
  # Example gpsd socket is outside @{run}/chrony/
  @{run}/chrony.tty{,*}.sock rw,
  # To sign replies to MS-SNTP clients by the smbd daemon
  /var/lib/samba/ntp_signd/socket rw,

  # rtc
  /etc/adjtime r,
  /dev/rtc{,[0-9]*} rw,

  # gps devices
  /dev/pps[0-9]* rw,
  /dev/ptp[0-9]* rw,

  # Allow reading the chronyd configuration file that timemaster(8) generates
  @{run}/timemaster/chrony.conf r,

  # For use with clocks that report via shared memory (e.g. gpsd),
  # you may need to give ntpd access to all of shared memory, though
  # this can be considered dangerous. See https://launchpad.net/bugs/722815
  # for details. To enable, add this to local/usr.sbin.chronyd:
  #     capability ipc_owner,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.chronyd>
}

Youez - 2016 - github.com/yon3zu
LinuXploit