Re: [chrony-users] Impact of multiple NTP implementations in containers

Re: [chrony-users] Impact of multiple NTP implementations in containers on host chronyd

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]

To: Jan Lübbe <jlu@xxxxxxxxxxxxxx>, "Valera Requena, Juan" <jvalera@xxxxxxxx>, "chrony-users@xxxxxxxxxxxxxxxxxxxx" <chrony-users@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [chrony-users] Impact of multiple NTP implementations in containers on host chronyd
From: "Kevin P. Fleming" <lists.chrony-users@xxxxxxxxxxxxx>
Date: Mon, 19 Jan 2026 05:46:09 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=km6g.us; h=cc :content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm3; t=1768819591; x=1768905991; bh=yMhpy6cWo5saP/clPYTVatnXyCG9KmYLaHK3gphE3RA=; b= cwGz3+X8CUKqDnYW9PRzsRxJcQrn9xOk3K0pzYHQKpgxpMiiDKoZqiA78YMobCCq 4fssAuDnt5ui/jNzIdMUr8FE49q4idrxAff8MVEt+vkd222LAi8SsMQfkpOmKSer BqbwdFehm6L6G2NsONTdXtGj0Lr4BLmfMBhHGlD0icxCcr32BaSarw3eQYmpZIl2 w6Z2nQtOEcKOVxPBGr30veY+I5d7qt7AtK4/d+WPkBpmBymW8QLukax26HGuIxR+ 2NlFgqCGAe6fyBSDWuUZyy2oiqnSdkeYGc78xbNQ0wpDN0sgW2yWMNO/Zi0+6Y99 dygHvplK1CMupKm/EdLEsA==
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; t=1768819591; x=1768905991; bh=y Mhpy6cWo5saP/clPYTVatnXyCG9KmYLaHK3gphE3RA=; b=ifrvnUpKtBJQI0irS JpQ3bdJRzsi3e+LulJpEFTETiXKSevG3KQ6XCfq1aM4NVnOA8kWQbGZ3rgXzvOvJ 5Dbj5t/aCccb+RZzQDMEr8NgqRWhbkvK8C4lgungdGP9KAdy3pBr2afKjWVCT2NQ KmTYwcqIhfaLKExlAS8OPOA5bU/SI4kgqtjOX+LSKU9m8d2EG3Q6xy3PAdal3RWy Turi2PHZCkrhBBDxPIvGXmZEFZOaLn/ap398awWFzrgXvcDWwQCIuH3c348z2esf lJbXltSfrKzKDGoiEiGoD7RyDSvMZQV0gZc0kuykDeB8K31vhMIlaPrJrHF0qgDa Zf9Ig==
Feedback-id: i1309466e:Fastmail

On Mon, Jan 19, 2026, at 05:30, Jan Lübbe wrote:
> On Linux, setting the system clock is protected by CAP_SYS_TIME, see
> capabilities(7). So just don't give your containers this capability.
> podman/docker drop it by default.

Unless of course you are granting CAP_SYS_ADMIN to your containers, in which case you've got much larger problems than the system clock being modified!

--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

References:
- [chrony-users] Impact of multiple NTP implementations in containers on host chronyd
  - From: Valera Requena, Juan
- Re: [chrony-users] Impact of multiple NTP implementations in containers on host chronyd
  - From: Jan Lübbe

Messages sorted by: [ date | thread ]
Prev by Date: Re: [chrony-users] Impact of multiple NTP implementations in containers on host chronyd
Previous by thread: Re: [chrony-users] Impact of multiple NTP implementations in containers on host chronyd

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/