| [chrony-dev] Using Linux Capabilities |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-dev Archives
]
Greetings,
Perhaps I’m confused so I wanted to raise this issue/question before sending a patch.
On linux, I need a parent process to fork/execv chronyd and I have that parent managing the needed Linux capabilities so chronyd can set the local time and access reserved ports. That parent process has already dropped to a non-privileged user which prevents chronyd from starting as the superuser or making use of the -u option.
But with capabilities in place it shouldn’t need those things and chronyd’s LOG_FATAL("Not superuser”) euid 0 test early in main() should not apply.
I understand that eliminating that test outright would change the behavior other platforms (those without capabilities where a non-euid 0 invocation is certain to fail later) so I didn’t want to do that.
Instead, I added a ‘-U’ option that just skips the euid 0 requirement. I’ll need to rebase my patch before posting but wanted to discuss this first.
Does this make sense or is there another way to do it?
-Mike
--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.