Re: [chrony-dev] Using Linux Capabilities

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ] 

> On 9/11/2017, at 11:17 AM, Michael Cashwell <chronyd@xxxxxxxxxxxx> wrote:
> 
> 
> It sounds like a “more standard” approach would be:
> 
> 1: chronyd is started by the OS at boot in local mode (eg: no upstream time sources) and in an inert state where it WILL NOT respond to NTP requests on the LAN because is has not been told that the system time is “good”.
> 
> 2: At some point after boot up my parent process invokes chronyc (again as non-root) to bless the system time as good and thus enable NTP requests to be answered.
> 
> If that’s possible without source code changes that’s fine with me.
> 

Maybe you could just start chronyd but with the listening port (123) blocked in your firewall. When your system clock has been set by the external source and chronyc is reporting it as OK, then open the port to allow external requests.

Bryan Christianson
bryan@xxxxxxxxxxxxx




--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/