[pkg-ntp-maintainers] Capabilities problem in new ntp
Peter Eisentraut
peter_e at gmx.net
Wed Apr 11 10:18:21 UTC 2007
ntp 4.2.4p0, which is currently in svn, doesn't appear to work out of the box.
I get this error message in the log:

    cap_set_proc() failed to drop root privileges: Operation not permitted

The relevant code is

    char *captext = interface_interval ?
        "cap_sys_time,cap_net_bind_service=ipe" :
        "cap_sys_time=ipe";
    if( ! ( caps = cap_from_text( captext ) ) ) {
        msyslog( LOG_ERR, "cap_from_text() failed: %m" );
        exit(-1);
    }
    if( cap_set_proc( caps ) == -1 ) {
        msyslog( LOG_ERR, "cap_set_proc() failed to drop root privileges: %m" );
        exit(-1);
    }

If I disable the interface_interval thing by passing the option -U 0 (e.g.,
via /etc/default/ntp), then we get the "cap_sys_time=ipe" string which
corresponds to the old 4.2.2 behavior, and that indeed works.
Does anyone know why the cap_net_bind_service capability cannot be set?
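
Added example, not part of the original message and not ntpd code: cap_set_proc() cannot add capabilities to the permitted set, so one precondition worth checking when it returns EPERM is whether every capability named in the "=ipe" text is already in CapPrm of the process's /proc/<pid>/status. The helper names and the sample status text are constructed for illustration, and the check covers only this one rule; it does not establish the cause of the failure reported above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability bit numbers, as defined in <linux/capability.h>. */
#define CAP_NET_BIND_SERVICE_BIT 10
#define CAP_SYS_TIME_BIT         25

/* Read one hex mask such as "CapPrm:" from /proc/<pid>/status text.
 * Returns 0 on success, -1 if the field is absent. */
static int read_mask(const char *status, const char *field,
                     unsigned long long *out)
{
    const char *p = strstr(status, field);
    if (p == NULL)
        return -1;
    /* strtoull skips the tab that separates the label from the mask. */
    *out = strtoull(p + strlen(field), NULL, 16);
    return 0;
}

/* Bits of `wanted` that are absent from CapPrm. A non-zero result means
 * a request for those capabilities with "=ipe" asks for more than the
 * process is permitted. Returns ~0ULL if CapPrm is missing from the text. */
unsigned long long missing_permitted(const char *status,
                                     unsigned long long wanted)
{
    unsigned long long prm;
    if (read_mask(status, "CapPrm:", &prm) != 0)
        return ~0ULL;
    return wanted & ~prm;
}

/* Constructed sample: a process that holds only cap_sys_time. */
static const char SAMPLE_STATUS[] =
    "Name:\tntpd\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000002000000\n"
    "CapEff:\t0000000002000000\n";

int main(void)
{
    unsigned long long wanted = (1ULL << CAP_SYS_TIME_BIT) |
                                (1ULL << CAP_NET_BIND_SERVICE_BIT);
    unsigned long long miss = missing_permitted(SAMPLE_STATUS, wanted);
    printf("missing from permitted set: 0x%llx\n", miss);
    return miss ? 1 : 0;
}
```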