Linux capabilities check broken on NetBSD

Matthew Selsky Matthew.Selsky at twosigma.com
Fri Jul 8 01:24:42 UTC 2016


On Wed, Jul 06, 2016 at 09:20:54PM -0400, Eric S. Raymond wrote:
> Hal Murray <hmurray at megapathdsl.net>:
> > On NetBSD:
> > 07-06T15:42:17 ntpd[4940]: root can't be dropped due to missing capabilities.
> 
> So don't do that, then. Drop root, I mean.  Without some equivalent of Linux
> or Solaris fine-grained privilege control, setting the clock won't work
> afterwards.
> 
> What has NetBSD been doing before this?

NetBSD should be using the clockctl interface:
http://netbsd.gw.com/cgi-bin/man-cgi?clockctl+4.i386+NetBSD-7.0

This was in Classic since 2002:
https://gitlab.com/NTPsec/ntpsec/commit/b707b5e4b6168bca7e5e2553a551159e3da7ab5c

Looks like we just need to add a check for sys/clockctl.h to waf and pylib/configure.py and the C library will do the right thing(tm) behind the scenes.


Cheers,
-Matt
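
The configure-time decision discussed in this thread, as an added example that is not part of the original message or the NTPsec build scripts: it probes an include path for a header that signals a way to keep setting the clock after root is dropped, and it extends the NetBSD case to the Linux and Solaris headers as well. The mechanism labels and function names are hypothetical, and checking for the file's presence is a simplification of a real configure test, which would compile a test program.

```python
import os
import tempfile

# Header -> mechanism that lets a non-root ntpd keep setting the clock.
# The header names are the platforms' own; the mechanism labels are
# illustrative names chosen for this example.
MECHANISMS = [
    ("sys/capability.h", "linux-capabilities"),
    ("priv.h", "solaris-privileges"),
    ("sys/clockctl.h", "netbsd-clockctl"),
]


def find_header(header, include_dirs):
    """Return the first path under include_dirs where header exists, else None."""
    for directory in include_dirs:
        path = os.path.join(directory, header)
        if os.path.isfile(path):
            return path
    return None


def probe_droproot(include_dirs):
    """Decide at configure time whether dropping root can be enabled."""
    found = [name for hdr, name in MECHANISMS if find_header(hdr, include_dirs)]
    # With no mechanism at all, dropping root would leave the daemon unable
    # to set the clock, which is the failure reported in the thread.
    return {"mechanisms": found, "droproot_ok": bool(found)}


def make_sysroot(headers):
    """Build a constructed include tree holding stub copies of the headers."""
    root = tempfile.mkdtemp(prefix="inc-")
    for hdr in headers:
        path = os.path.join(root, hdr)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("/* constructed stub */\n")
    return root


if __name__ == "__main__":
    netbsd_like = make_sysroot(["sys/clockctl.h"])   # constructed sample tree
    bare = make_sysroot(["sys/time.h"])              # no privilege mechanism
    print(probe_droproot([netbsd_like]))
    print(probe_droproot([bare]))
```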

