[Git][NTPsec/ntpsec][master] systemd: Allow running in containers
Matt Selsky
gitlab at mg.gitlab.com
Sun Mar 4 18:45:57 UTC 2018
Matt Selsky pushed to branch master at NTPsec / ntpsec
Commits:
6d5cb0fe by Richard Laager at 2018-03-04T18:44:29Z
systemd: Allow running in containers
The systemd units were conditionalized on !container as well as
CAP_SYS_TIME. There is nothing inherently wrong with running ntpd in a
container. In typical containers, it will fail for lack of
CAP_SYS_TIME, but that is already handled by the second condition. If
someone wants to run ntpd in a privileged container which has
CAP_SYS_TIME, it works fine. I personally tested this.
This is the same approach used by chrony in Debian, which was also
discussed in this RedHat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1306046
This was inspired by this bug report:
https://bugs.debian.org/890771
- - - - -
2 changed files:
- etc/ntp-wait.service
- etc/ntpd.service
Changes:
=====================================
etc/ntp-wait.service
=====================================
--- a/etc/ntp-wait.service
+++ b/etc/ntp-wait.service
@@ -3,7 +3,6 @@ Description=Wait for ntpd to synchronize system clock
Requisite=ntpd.service
After=ntpd.service
Conflicts=systemd-timesyncd.service
-ConditionVirtualization=!container
ConditionCapability=CAP_SYS_TIME
[Service]
=====================================
etc/ntpd.service
=====================================
--- a/etc/ntpd.service
+++ b/etc/ntpd.service
@@ -2,7 +2,6 @@
Description=Network Time Service
Documentation=man:ntpd(8)
Wants=network.target
-ConditionVirtualization=!container
ConditionCapability=CAP_SYS_TIME
After=network.target nss-lookup.target
Conflicts=systemd-timesyncd.service
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/6d5cb0fedd86735b65d091a4135410d42d1ac88f
---
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/6d5cb0fedd86735b65d091a4135410d42d1ac88f
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20180304/3e516e75/attachment.html>
More information about the vc
mailing list