From e0e0be96eac3829fdcb7663ec2a5ae8497922128 Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 27 May 2020 09:13:22 +0200
Subject: [PATCH] committing changes in /etc made by "apt-get install gpsd-clients"

Package changes:
+gpsd 3.20-8ubuntu0.1 amd64
+gpsd-clients 3.20-8ubuntu0.1 amd64
+libgps26 3.20-8ubuntu0.1 amd64
+python3-gps 3.20-8ubuntu0.1 amd64
---
 .etckeeper | 3 +
 apparmor.d/local/usr.sbin.gpsd | 0
 apparmor.d/usr.sbin.gpsd | 100 ++++++++++++++++++
 default/gpsd | 6 ++
 passwd | 1 +
 passwd- | 3 +-
 shadow | 1 +
 shadow- | 1 +
 .../system/sockets.target.wants/gpsd.socket | 1 +
 9 files changed, 115 insertions(+), 1 deletion(-)
 create mode 100644 apparmor.d/local/usr.sbin.gpsd
 create mode 100644 apparmor.d/usr.sbin.gpsd
 create mode 100644 default/gpsd
 create mode 120000 systemd/system/sockets.target.wants/gpsd.socket

diff --git a/.etckeeper b/.etckeeper
index 1317766..1a71ee8 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -660,6 +660,7 @@ maybe chmod 0644 'apparmor.d/local/usr.lib.snapd.snap-confine.real'
 maybe chmod 0644 'apparmor.d/local/usr.lib.telepathy'
 maybe chmod 0644 'apparmor.d/local/usr.sbin.cups-browsed'
 maybe chmod 0644 'apparmor.d/local/usr.sbin.cupsd'
+maybe chmod 0644 'apparmor.d/local/usr.sbin.gpsd'
 maybe chmod 0644 'apparmor.d/local/usr.sbin.ippusbxd'
 maybe chmod 0644 'apparmor.d/local/usr.sbin.ntpd'
 maybe chmod 0644 'apparmor.d/local/usr.sbin.rsyslogd'
@@ -699,6 +700,7 @@ maybe chmod 0644 'apparmor.d/usr.lib.snapd.snap-confine.real'
 maybe chmod 0644 'apparmor.d/usr.lib.telepathy'
 maybe chmod 0644 'apparmor.d/usr.sbin.cups-browsed'
 maybe chmod 0644 'apparmor.d/usr.sbin.cupsd'
+maybe chmod 0644 'apparmor.d/usr.sbin.gpsd'
 maybe chmod 0644 'apparmor.d/usr.sbin.ippusbxd'
 maybe chmod 0644 'apparmor.d/usr.sbin.mysqld'
 maybe chmod 0644 'apparmor.d/usr.sbin.ntpd'
@@ -1562,6 +1564,7 @@ maybe chmod 0644 'default/devpts'
 maybe chmod 0644 'default/dump1090-mutability'
 maybe chmod 0644 'default/fwlogwatch'
 maybe chmod 0644 'default/google-chrome'
+maybe chmod 0644 'default/gpsd'
 maybe chmod 0644 'default/grub'
 maybe chmod 0755 'default/grub.d'
 maybe chmod 0644 'default/grub.d/init-select.cfg'
diff --git a/apparmor.d/local/usr.sbin.gpsd b/apparmor.d/local/usr.sbin.gpsd
new file mode 100644
index 0000000..e69de29
diff --git a/apparmor.d/usr.sbin.gpsd b/apparmor.d/usr.sbin.gpsd
new file mode 100644
index 0000000..7d16715
--- /dev/null
+++ b/apparmor.d/usr.sbin.gpsd
@@ -0,0 +1,100 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2018 Canonical Ltd.
+#
+# This software is distributed under a BSD-style license. See the
+# file "COPYING" in the top-level directory of the distribution for details.
+#
+# ------------------------------------------------------------------
+
+#include
+
+/usr/sbin/gpsd flags=(attach_disconnected) {
+ #include
+ #include
+
+ capability ipc_lock,
+ capability net_bind_service,
+ capability sys_nice,
+ capability fsetid,
+ capability setgid,
+ capability setuid,
+ capability sys_resource,
+
+ # for all the remote connection options
+ network dgram,
+ network stream,
+
+ # own binary
+ /usr/sbin/gpsd rmix,
+
+ # common serial paths to GPS devices
+ /dev/tty{,S,USB,AMA,ACM}[0-9]* rw,
+ /sys/dev/char r,
+ /sys/dev/char/** r,
+
+ # pps related devices
+ /dev/pps[0-9]* rw,
+ /sys/devices/virtual/pps r,
+ /sys/devices/virtual/pps/** r,
+
+ # gpsd device to share
+ /dev/gpsd[0-9] rw,
+
+ # libusb device access to GPS devices
+ /proc/ r,
+ /dev/ r,
+ /sys/class/ r,
+ /sys/bus/ r,
+ /dev/bus/usb/ r,
+ /sys/bus/usb/devices/ r,
+ /sys/devices/pci[0-9]*/**/{uevent,busnum,devnum,speed,descriptors} r,
+ /run/udev/data/+usb* r,
+ /run/udev/data/c189* r,
+
+ # common config path (by default unused)
+ /etc/gpsd/* r,
+ # gpsd will call this on device attach/detach allowing for custom handlers
+ /bin/dash rix,
+ /bin/bash rix,
+ /etc/gpsd/device-hook ix,
+
+ # control socket e.g. for gpsdctl
+ /{,var/}run/gpsd.sock rw,
+
+ # enumerate own FDs
+ @{PROC}/@{pid}/fd/ r,
+
+ # default paths feeding GPS data into chrony
+ /{,var/}run/chrony.tty{,S,USB,AMA}[0-9]*.sock rw,
+ /tmp/chrony.tty{,S,USB,AMA}[0-9]*.sock rw,
+
+ # logging
+ /{,var/}run/systemd/journal/dev-log w,
+
+ # required for pps initialization
+ capability sys_time,
+ /sys/devices/virtual/pps/ r,
+
+ # to submit data to chrony
+ ptrace read peer=/usr/sbin/chronyd,
+
+ # for libusb in case USB based GPS devices are used
+ /sys/devices/**/usb[0-9]*/** r,
+
+ # triggered on fusercount, not strictly required and unsafe to allow
+ # adding an explicit denial rule silences the warnings
+ deny ptrace read peer=unconfined,
+ deny capability sys_ptrace,
+ deny capability dac_read_search,
+ deny capability dac_override,
+
+ # gpsd tries to load pps_ldisc directly, but gpsd doesn't need
+ # the general power of cap 'sys_module', pps_ldisc is auto-loaded
+ # by the kernel when gpsd is creating the pps device
+ deny capability sys_module,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/default/gpsd b/default/gpsd
new file mode 100644
index 0000000..7d9f1c4
--- /dev/null
+++ b/default/gpsd
@@ -0,0 +1,6 @@
+# Devices gpsd should collect to at boot time.
+# They need to be read/writeable, either by user gpsd or the group dialout.
+DEVICES=""
+
+# Other options you want to pass to gpsd
+GPSD_OPTIONS=""
diff --git a/passwd b/passwd
index e2ab46f..8a7683c 100644
--- a/passwd
+++ b/passwd
@@ -59,3 +59,4 @@ nvidia-persistenced:x:133:146:NVIDIA Persistence Daemon,,,:/nonexistent:/sbin/no
 dump1090:x:134:65534::/usr/share/dump1090-mutability:/usr/sbin/nologin
 nx:x:135:1015::/var/NX/nx:/etc/NX/nxserver
 tss:x:136:147:TPM software stack,,,:/var/lib/tpm:/bin/false
+gpsd:x:137:20:GPSD system user,,,:/run/gpsd:/bin/false
diff --git a/passwd- b/passwd-
index d9f3733..263ed34 100644
--- a/passwd-
+++ b/passwd-
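Review bot: The rules `/bin/dash rix,` and `/bin/bash rix,` in the new `apparmor.d/usr.sbin.gpsd` profile let a shell started by gpsd inherit the whole profile, including `capability setuid`, `capability setgid`, `capability sys_time`, both `network` rules and read/write on the serial devices, even though the profile's own comment calls the `/etc/gpsd` config path "by default unused". Because this is the packaged profile, the tightening belongs in `apparmor.d/local/usr.sbin.gpsd`, which this commit creates empty: on a host with no `/etc/gpsd/device-hook`, add `deny /bin/dash x,` and `deny /bin/bash x,` there. Where a hook is in use, giving it a child profile of its own instead of `ix` would keep the hook from running with gpsd's capabilities. The `/tmp/chrony.tty{,S,USB,AMA}[0-9]*.sock rw,` rule also grants write access to socket names in a world-writable directory; if chrony on this machine uses the `/run` path, a matching `deny` in the local file is worth adding.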
@@ -58,4 +58,5 @@ tcpdump:x:132:145::/nonexistent:/usr/sbin/nologin
 nvidia-persistenced:x:133:146:NVIDIA Persistence Daemon,,,:/nonexistent:/sbin/nologin
 dump1090:x:134:65534::/usr/share/dump1090-mutability:/usr/sbin/nologin
 nx:x:135:1015::/var/NX/nx:/etc/NX/nxserver
-tss:x:136:147::/var/lib/tpm:/bin/false
+tss:x:136:147:TPM software stack,,,:/var/lib/tpm:/bin/false
+gpsd:x:137:20::/run/gpsd:/bin/false
diff --git a/shadow b/shadow
index e0aea1a..095c016 100644
--- a/shadow
+++ b/shadow
@@ -59,3 +59,4 @@ nvidia-persistenced:*:18219:0:99999:7:::
 dump1090:*:18302:0:99999:7:::
 nx:*:18347:0:99999:7:::
 tss:*:18407:0:99999:7:::
+gpsd:*:18409:0:99999:7:::
diff --git a/shadow- b/shadow-
index e0aea1a..095c016 100644
--- a/shadow-
+++ b/shadow-
@@ -59,3 +59,4 @@ nvidia-persistenced:*:18219:0:99999:7:::
 dump1090:*:18302:0:99999:7:::
 nx:*:18347:0:99999:7:::
 tss:*:18407:0:99999:7:::
+gpsd:*:18409:0:99999:7:::
diff --git a/systemd/system/sockets.target.wants/gpsd.socket b/systemd/system/sockets.target.wants/gpsd.socket
new file mode 120000
index 0000000..e417964
--- /dev/null
+++ b/systemd/system/sockets.target.wants/gpsd.socket
@@ -0,0 +1 @@
+/lib/systemd/system/gpsd.socket
\ No newline at end of file
-- 
2.43.0
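Review bot: `shadow` is tracked in this repository together with the backup copies `shadow-` and `passwd-`, so every clone or export of the repo carries the account database two or three times over. The entries visible in these hunks are locked (`*`), but the part of `shadow` outside the hunk presumably holds password hashes for the login accounts. etckeeper's stock ignore list normally excludes the `-` backup files, so their presence suggests the ignore file was changed or removed. Listing `passwd-`, `shadow-`, `group-` and `gshadow-` in `.gitignore` again and untracking them with `git rm --cached` would drop the duplicates. While `shadow` stays under version control the repository should remain readable by root only and should not be pushed to a shared remote.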