[ntp:questions] NTP daemon broken in 2.6.19?

Timo Felbinger Timo.Felbinger at physik.uni-potsdam.de
Fri Dec 29 10:16:16 UTC 2006


On Sat, 23 Dec 2006, MH wrote:

> Timo Felbinger wrote:
>
> >
> > On Sun, 17 Dec 2006, MH wrote:
> >
> >> I recently upgraded my kernel from 2.6.13 to 2.6.19 and discovered that
> >> NTP service is no longer functional. The NTP daemon logs the following:
> >>
> >> cap_set_proc() failed to drop root privileges: Operation not permitted
> >>
> >
> > Make sure you have the "default linux capabilities" in your new kernel,
> > either as a module (modprobe capability), or just compile them statically
> > into the kernel (somewhere under "security options" in the kernel config
> > menu).
> >
>
> They were. Tried compiling them into the kernel as well. Same end result.
> Weird thing is that NTPD actually synchronized successfully ONCE after the
> new kernel was installed. It did not initially, nor has it since. Very odd.

If it is really the cap_set_proc() call which fails  and you are sure you
start ntpd with root privileges initially, then maybe you need to recompile
and reinstall libcap to make it work with the new kernel? (I dimly recall
that I had to do this at some point).
The library version seems to be not critical, both 1.10 and 1.92 work for
me with various 2.6.x kernels.

BTW, /proc/<pid>/status shows the current privileges of a process;
for a root shell it should contain the lines
  CapInh: 0000000000000000
  CapPrm: 00000000fffffeff
  CapEff: 00000000fffffeff
For a running ntpd, it should look like
  CapInh: 0000000002000000
  CapPrm: 0000000002000000
  CapEff: 0000000002000000

Good luck,

Timo


-- 
Timo Felbinger                  http://www.felbinger.net
Quantum Physics Group           Phone:  +49 331 977 1793   Fax: -1767
Institut fuer Physik            Mobile: +49 177 735 1936
Universitaet Potsdam, Germany   PGP key-id: E92567B2




More information about the questions mailing list