[chrony-dev] [PATCH v4 3/3] main: add -X to fall back if time is not adjustable


In unprivileged containers even after e8096330 "sys_linux: don't
keep CAP_SYS_TIME with -x option" default installations
will still run without an explicit -x being set and therefore fail
by missing CAP_SYS_TIME.

In some use cases users want the NTP server service to "just work"
which in a non-CAP_SYS_TIME environment means that chrony has to fall
back.
Yet on the other hand they can't use -x as at the time of config/install
the eventually present condition can't be checked.

In the most common case for this - containers - the host will be
controlling the system clock and it is expected to be set up to a valid
if not even the same NTP sources. So the system clock is (kind of) good
even without chrony controlling it.

By that a user will get an NTP server working independent of the
environment, that will control the local time if it is able to do
so.

To some extent this can also be seen as an ntpd compat option which
complained in syslog but did not crash under these conditions.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx>
---
 doc/chronyd.adoc | 8 ++++++++
 main.c           | 5 ++++-
 sys.c            | 7 +++++++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/doc/chronyd.adoc b/doc/chronyd.adoc
index f5bb360..8845eb2 100644
--- a/doc/chronyd.adoc
+++ b/doc/chronyd.adoc
@@ -163,6 +163,14 @@ relative to the estimated true time, and be able to operate as an NTP server.
 This allows *chronyd* to run without the capability to adjust or set the system
 clock (e.g. in some containers).
 
+*-X*::
+This option allows *chronyd* to disable the control of the system clock if
+it fails to initialise the system clock driver.
+*chronyd* will try to initialise the clock, but if it is failing it will fall
+back to to the mode as described by the *-x* option.
+This comes handy if one wants a config to work as NTP server in any
+environment, but control the local clock only if it is possible.
+
 *-v*::
 With this option *chronyd* will print version number to the terminal and exit.
 
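Review bot: The new *-X* paragraph has a doubled word in "back to to the mode", and "This comes handy" should read "This comes in handy". The text should also say that the fallback is reported only as a warning in the log and that the system clock is then left to whatever else manages it (the host, in the container case), so an operator knows to check the log to learn which mode the daemon ended up in. It is also worth stating how *-X* combines with *-x*: in main.c each option simply overwrites clock_control, so the later one on the command line wins.
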
diff --git a/main.c b/main.c
index a2202e9..988c552 100644
--- a/main.c
+++ b/main.c
@@ -427,7 +427,7 @@ int main
   optind = 1;
 
   /* Parse short command-line options */
-  while ((opt = getopt(argc, argv, "46df:F:hl:mnP:qQrRst:u:vx")) != -1) {
+  while ((opt = getopt(argc, argv, "46df:F:hl:mnP:qQrRst:u:vxX")) != -1) {
     switch (opt) {
       case '4':
       case '6':
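Review bot: "X" is added to the getopt() string here, but main.c is changed only in this hunk and in the switch below, so print_help() is left untouched. If the usage text lists -x, add -X next to it so that the new option appears in the -h output.
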
@@ -490,6 +490,9 @@ int main
       case 'x':
         clock_control = 0;
         break;
+      case 'X':
+        clock_control = -1;
+        break;
       default:
         print_help(progname);
         return opt != 'h';
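Review bot: "clock_control = -1;" in the new case 'X' turns what was a 0/1 flag into a tri-state carried by a magic number. Named constants (or an enum) for "off", "on" and "try, then fall back" would make the "clock_control > 0" and "clock_control == -1" tests in sys.c self-explanatory. Any existing check that treats the value as a boolean is true for -1; that looks intended for the initialisation attempt, but every other use of clock_control should be checked.
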
diff --git a/sys.c b/sys.c
index 391b259..6f92265 100644
--- a/sys.c
+++ b/sys.c
@@ -74,6 +74,13 @@ SYS_Initialise(int clock_control)
   if (!initalised) {
     if (clock_control > 0)
       LOG_FATAL("Could not initialise system clock driver");
+
+    if (clock_control == -1) {
+      LOG(LOGS_WARN, "Could not initialise system clock driver");
+      LOG(LOGS_WARN, "Falling back by disabling control of system clock");
+      null_driver = 1;
+      SYS_Null_Initialise();
+    }
   }
 }
 
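Review bot: The new "clock_control == -1" branch falls back on any failure to initialise the driver, not only on a missing CAP_SYS_TIME, and the two warnings do not say why initialisation failed. On a machine that is expected to discipline its own clock, a daemon started with -X would keep serving time while leaving the clock uncorrected, with nothing but a warning in the log. Consider logging the cause, or limiting the fallback to the permission failure the commit message describes. In addition, clock_control is passed by value and only null_driver is set here, so the caller still holds -1 after the fallback; code that keys on that value, such as the CAP_SYS_TIME handling from e8096330 cited in the commit message, should be checked so that it treats the fallen-back state the same way as -x.
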
-- 
2.7.4

