On Tue, 15 Mar 2016 17:26, Per Jessen wrote:
Patrick Shanahan wrote:
* Per Jessen [03-15-16 11:32]:
Patrick Shanahan wrote:
* Per Jessen [03-15-16 10:50]:
Patrick Shanahan wrote:
[...]
>> OK, semi-solved. The problem apparently lies with the chrooted
>> jail. If I unset NTPD_RUN_CHROOTED, ntpd operates as desired.
>> I checked my other local boxes and none are running chrooted.
>>
>> Then the remaining question, why is it failing when running
>> chrooted?
>
> Your chroot jail wasn't properly set up - somehow. I assume
> you were the one who changed the system to
> NTPD_RUN_CHROOTED="yes"? Or are you on TW?
Cannot recall but believe chroot was selected on original tw install of ntp. I manually changed NTPD_RUN_CHROOTED= to "no" and restart ntpd and see successful operation.
The original chroot setup was done by yast during install so if borked, yast is culprit ....
Uh, I suspect the jail setup is done by the start script. That's how it used to be anyway. If it isn't done on start-up, the latest changes to the network aren't included.
That may well be but this system restart with NTPD_RUN_CHROOTED="yes" leaves ntpd failing to connect with/without ipv6 and a change to NTPD_RUN_CHROOTED="no" w/o a restart is successful. ???
Right - so whatever is supposed to set up the chroot jail isn't working, I would say. On Leap421, that is /usr/sbin/start-ntpd.
Which is as provided in ntp-4.2.8p4-2.1.x86_64
I would expect that *many* op's would be affected and wondering ????
Only if they're running ntpd in chroot, which is not the default (except perhaps in TW?)
Huh? That script (start-ntpd) seems older, the (c) is from 2014. Just one small correction (full-path was added to sntp call) in Jan. 2016.

So likely that bug was introduced with this script during the move from the sysV init /etc/init.d/ntp to the ntpd.service file.

Nonetheless, for running ntpd in client-mode, I see no added feature / security enhancement by using chroot; AppArmor and/or SELinux bring better arguments to the table, at least for client-mode.

For running ntpd as origin-server (with local hiprec timesource), or running an ntpd as ntp-relay for a bigger LAN, one can think of running in chroot. Then the bug hits you, but paging through an OSS 12.3 install, it would also hit you prior to systemd. Digging around a little, I found the following:

The variable "NTPD_CHROOT_FILES" should be set to include all the "missing" files (/etc/sysconfig/ntp); this var defaults to empty. On openSUSE 12.3 as well as on Leap 42.1.

TL;DR: just setting NTPD_RUN_CHROOTED="yes" in /etc/sysconfig/ntp does not get you a working chroot-ntpd; add the "missing" files with full path separated by spaces to NTPD_CHROOT_FILES, which is empty by default.

- Yamaban.
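
A check for the situation described in the thread, added here as an example and not taken from start-ntpd or from any poster: it reads NTPD_RUN_CHROOTED and NTPD_CHROOT_FILES from a sysconfig file and reports which files are absent from the jail. The function names, the jail path and the candidate file list are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example: audit an ntpd chroot jail against the sysconfig settings.
# Assumptions (not from the thread): the jail path and the candidate file
# list are passed in by the caller; values are plain KEY="value" lines.

# Print the value of KEY from a sysconfig-style file without sourcing it.
sysconfig_get() {
    # $1 = file, $2 = key; the last assignment wins, outer quotes are dropped
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# audit_ntp_chroot SYSCONFIG JAIL FILE...
# Prints one "<status> <file>" line per candidate file and returns 1 if any
# candidate is absent from the jail while chroot mode is enabled.
audit_ntp_chroot() {
    cfg=$1; jail=$2; shift 2
    if [ "$(sysconfig_get "$cfg" NTPD_RUN_CHROOTED)" != "yes" ]; then
        echo "not-chrooted"
        return 0
    fi
    # Pad with spaces so whole-path matching works with a simple pattern.
    listed=" $(sysconfig_get "$cfg" NTPD_CHROOT_FILES) "
    rc=0
    for f in "$@"; do
        if [ -e "$jail$f" ]; then
            echo "ok $f"
        else
            case "$listed" in
                # Named in NTPD_CHROOT_FILES but never copied into the jail.
                *" $f "*) echo "listed-but-not-copied $f" ;;
                # Not named at all: the empty-default case from the thread.
                *)        echo "unlisted $f" ;;
            esac
            rc=1
        fi
    done
    return $rc
}
```

Call it as `audit_ntp_chroot /etc/sysconfig/ntp <jail-dir> <file>...` with the jail directory and the files your ntpd configuration actually references.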