[chrony-dev] Using Linux Capabilities



Greetings,

Perhaps I’m confused so I wanted to raise this issue/question before sending a patch.

On Linux, I need a parent process to fork/execv chronyd and I have that parent managing the needed Linux capabilities so chronyd can set the local time and access reserved ports. That parent process has already dropped to a non-privileged user which prevents chronyd from starting as the superuser or making use of the -u option.

But with capabilities in place it shouldn’t need those things and chronyd’s LOG_FATAL("Not superuser") euid 0 test early in main() should not apply.

I understand that eliminating that test outright would change the behavior on other platforms (those without capabilities where a non-euid 0 invocation is certain to fail later) so I didn’t want to do that.

Instead, I added a ‘-U’ option that just skips the euid 0 requirement. I’ll need to rebase my patch before posting but wanted to discuss this first.

Does this make sense or is there another way to do it?

-Mike
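
The following is an added example, not part of the original message and not chrony's code: one way a startup check could test for the two privileges the message names (setting the clock, binding reserved ports) instead of testing for euid 0. It assumes the check reads the CapEff line of /proc/<pid>/status; the function names, the EX_ constants and the sample status text are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers as defined in <linux/capability.h>. */
#define EX_CAP_NET_BIND_SERVICE 10 /* bind to ports below 1024 */
#define EX_CAP_SYS_TIME 25         /* set the system clock */
#define EX_NEEDED ((1ULL << EX_CAP_NET_BIND_SERVICE) | (1ULL << EX_CAP_SYS_TIME))

/* Constructed /proc/<pid>/status excerpt: non-root uid holding both capabilities. */
static const char SAMPLE_STATUS[] =
    "Name:\tchronyd\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000002000400\n";

/* Extract the effective capability mask from status text; returns 0 on success. */
int parse_cap_eff(const char *text, uint64_t *mask)
{
    for (const char *p = text; p && *p; p = strchr(p, '\n')) {
        if (*p == '\n')
            p++; /* step over the separator to the start of the next line */
        if (strncmp(p, "CapEff:", 7) != 0)
            continue;
        p += 7;
        while (*p == ' ' || *p == '\t')
            p++;
        if (!isxdigit((unsigned char)*p))
            return -1; /* label present but no hex value on this line */
        *mask = strtoull(p, NULL, 16);
        return 0;
    }
    return -1; /* no CapEff line: treat as "cannot tell", i.e. not granted */
}

/* Needed capability bits that are absent from the effective set. */
uint64_t missing_caps(uint64_t effective) { return EX_NEEDED & ~effective; }

/* 1 if both needed capabilities are effective, whatever the euid is. */
int has_needed_caps(const char *status_text)
{
    uint64_t eff;
    return parse_cap_eff(status_text, &eff) == 0 && missing_caps(eff) == 0;
}

int main(void)
{
    printf("sample grants needed caps: %d\n", has_needed_caps(SAMPLE_STATUS));
    return 0;
}
```

In a real startup check the text passed to has_needed_caps() would be the contents of /proc/self/status, and a missing or unparsable CapEff line is treated as a failed check.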

