Linux capabilites check broken on NetBSD

Eric S. Raymond esr at thyrsus.com
Fri Jul 8 02:38:02 UTC 2016


Matthew Selsky <Matthew.Selsky at twosigma.com>:
> On Wed, Jul 06, 2016 at 09:20:54PM -0400, Eric S. Raymond wrote:
> > Hal Murray <hmurray at megapathdsl.net>:
> > > On NetBSD:
> > > 07-06T15:42:17 ntpd[4940]: root can't be dropped due to missing capabilities.
> > 
> > So don't do that, then. Drop root, I mean.  Without some equivalent of Linux
> > or Solaris fine-grained privilege control, setting the clock won't work
> > afterwards.
> > 
> > What has NetBSD been doing before this?
> 
> NetBSD should be using the clockctl interface:
> http://netbsd.gw.com/cgi-bin/man-cgi?clockctl+4.i386+NetBSD-7.0
> 
> This was in Classic since 2002:
> https://gitlab.com/NTPsec/ntpsec/commit/b707b5e4b6168bca7e5e2553a551159e3da7ab5c
> 
> Looks like we just need to add a check for sys/clockctl.h to waf and
> pylib/configure.py and the C library will do the right thing(tm)
> behind the scenes.

Attempted port fix pushed. Please test.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>


More information about the devel mailing list