[pkg-ntp-maintainers] Capabilities problem in new ntp

Kurt Roeckx kurt at roeckx.be
Sat Apr 14 23:07:40 UTC 2007


On Wed, Apr 11, 2007 at 12:18:21PM +0200, Peter Eisentraut wrote:
> ntp 4.2.4p0, which is currently in svn, doesn't appear to work out of the box.  
> I get this error message in the log:
> 
> cap_set_proc() failed to drop root privileges: Operation not permitted

A strace shows:
capset(0x19980330, 0, {CAP_SETGID|CAP_SETUID|CAP_SYS_CHROOT|CAP_SYS_TIME, CAP_SETGID|CAP_SETUID|CAP_SYS_CHROOT|CAP_SYS_TIME, 0}) = 0
prctl(0x8, 0x1, 0, 0, 0)                = 0
setgid(117)                             = 0
setresgid(-1, 117, -1)                  = 0
setuid(112)                             = 0
setresuid(-1, 112, -1)                  = 0
capset(0x19980330, 0, {CAP_NET_BIND_SERVICE|CAP_SYS_TIME, CAP_NET_BIND_SERVICE|CAP_SYS_TIME, 0}) = -1 EPERM (Operation not permitted)

So, the first capset() didn't have CAP_NET_BIND_SERVICE, and we don't
have CAP_SETPCAP either.

I've changed the ntpd-linux-caps.patch to include it, and it seems to be
running here.


Kurt
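
Added example, not part of the original message or of the ntp packaging: a small Python replay of the strace above that applies the capset(2) rule that a new permitted set must be a subset of the current one, which is why the second call returns EPERM. It models only that subset rule and assumes the permitted set survives setuid() because of the prctl(0x8, 0x1) (PR_SET_KEEPCAPS) call; the function names are illustrative.

```python
import re

# strace lines copied from the message above; capset data is {effective, permitted, inheritable}.
TRACE = [
    "capset(0x19980330, 0, {CAP_SETGID|CAP_SETUID|CAP_SYS_CHROOT|CAP_SYS_TIME, CAP_SETGID|CAP_SETUID|CAP_SYS_CHROOT|CAP_SYS_TIME, 0}) = 0",
    "prctl(0x8, 0x1, 0, 0, 0)                = 0",
    "setgid(117)                             = 0",
    "setresgid(-1, 117, -1)                  = 0",
    "setuid(112)                             = 0",
    "setresuid(-1, 112, -1)                  = 0",
    "capset(0x19980330, 0, {CAP_NET_BIND_SERVICE|CAP_SYS_TIME, CAP_NET_BIND_SERVICE|CAP_SYS_TIME, 0}) = -1 EPERM (Operation not permitted)",
]

CAPSET_RE = re.compile(r"capset\(\w+, \d+, \{([^,]*), ([^,]*), ([^}]*)\}\)\s*=\s*(-?\d+)")

def parse_set(field):
    """Turn 'CAP_A|CAP_B' into a set of names; strace prints an empty set as 0."""
    field = field.strip()
    return set() if field in ("", "0") else set(field.split("|"))

def parse_capset(line):
    """Return (effective, permitted, inheritable, succeeded), or None for other syscalls."""
    m = CAPSET_RE.match(line)
    if m is None:
        return None
    eff, perm, inh = (parse_set(g) for g in m.group(1, 2, 3))
    return eff, perm, inh, m.group(4) == "0"

def replay(lines):
    """Replay capset() calls and report requests the kernel must refuse.

    Each finding is (line_no, caps_not_in_current_permitted,
    effective_caps_not_in_requested_permitted, call_succeeded).
    Assumption: permitted is unchanged between capset() calls (keepcaps is set).
    """
    permitted = None  # unknown until the first successful capset()
    findings = []
    for n, line in enumerate(lines, 1):
        call = parse_capset(line)
        if call is None:
            continue
        eff, perm, _inh, ok = call
        raised = set() if permitted is None else perm - permitted
        beyond = eff - perm
        if raised or beyond:
            findings.append((n, sorted(raised), sorted(beyond), ok))
        if ok:
            permitted = perm  # a successful call can only keep or shrink the set
    return findings
```

Running replay(TRACE) flags the last capset() for requesting CAP_NET_BIND_SERVICE, which the first call had already dropped from the permitted set.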



