[ntp:questions] NTP daemon broken in 2.6.19?

MH mhaag at telkomsa.net
Sun Dec 31 14:19:46 UTC 2006


Timo Felbinger wrote:

> 
> On Sat, 23 Dec 2006, MH wrote:
> 
>> Timo Felbinger wrote:
>>
>> >
>> > On Sun, 17 Dec 2006, MH wrote:
>> >
>> >> I recently upgraded my kernel from 2.6.13 to 2.6.19 and discovered
>> >> that NTP service is no longer functional. The NTP daemon logs the
>> >> following:
>> >>
>> >> cap_set_proc() failed to drop root privileges: Operation not permitted
>> >>
>> >
>> > Make sure you have the "default linux capabilities" in your new kernel,
>> > either as a module (modprobe capability), or just compile them
>> > statically into the kernel (somewhere under "security options" in the
>> > kernel config menu).
>> >
>>
>> They were. Tried compiling them into the kernel as well. Same end result.
>> Weird thing is that NTPD actually synchronized successfully ONCE after
>> the new kernel was installed. It did not initially, nor has it since.
>> Very odd.
> 
> If it is really the cap_set_proc() call which fails  and you are sure you
> start ntpd with root privileges initially, then maybe you need to
> recompile and reinstall libcap to make it work with the new kernel? (I
> dimly recall that I had to do this at some point).
> The library version seems to be not critical, both 1.10 and 1.92 work for
> me with various 2.6.x kernels.
> 
> BTW, /proc/<pid>/status shows the current privileges of a process;
> for a root shell it should contain the lines
>   CapInh: 0000000000000000
>   CapPrm: 00000000fffffeff
>   CapEff: 00000000fffffeff
> For a running ntpd, it should look like
>   CapInh: 0000000002000000
>   CapPrm: 0000000002000000
>   CapEff: 0000000002000000
> 
> Good luck,
> 
> Timo
> 
> 
Tried your suggestion re: recompiling libcap. No joy. The timer server is
contacted successfully, but then NTPD dies. Oh well. It's just a desktop
box--but it is annoying nonetheless. I'll be upgrading to OpenSUSE 10.2
next week, so hopefully the problem will go away.




More information about the questions mailing list