Code analysis and runtime analysis using truss(8) indicate that the only
privileged operations performed by ntpd are adjusting system time, and
(re-)binding to privileged UDP port 123. These changes add a new mac(4)
policy module, mac_ntpd(4), which grants just those privileges to any
process running with uid 123.
This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes
them the owner of the /var/db/ntp directory, so that it can be used as a
location where the non-privileged daemon can write files such as the
driftfile, and any optional logfile or stats files.
Because there are so many ways to configure ntpd, the question of how to
configure it to run without root privs can be a bit complex, so that will be
addressed in a separate commit. These changes are just what's required to
grant the limited subset of privs to ntpd, and the small change to ntpd to
prevent it from exiting with an error if running as non-root.
Differential Revision: https://reviews.freebsd.org/D16281
Leap-second smearing is an experimental option that may be specified in
ntp.conf(5) and the -x option on the command line to spread the effect
of a leap-second over an interval as specified by the leapsmearinterval
config file statement. Recommended values are between 7200 (2 hours) and
86400 (24 hours).
It is advised that leap-second smearing not be used for public NTP
servers (https://www.meinbergglobal.com/download/burnicki/Leap%20Second%20Smearing%20With%20NTP.pdf).
It is also advised that NTP
clients not use a mix of NTP servers using leap-second smearing with
NTP servers not using leap-second smearing as that could cause
undefined client behaviour.
Leap-second smearing was committed to ports net/ntp and net/ntp-devel
by r426825 on 2016-11-22.
Suggested by: des
MFC after: 4 weeks
-HEAD) in libntp so we can make a reproducible build.
PR: bin/201661
Reviewed by: gjb, cy, roberto
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D3122
This includes:
o All directories named *ia64*
o All files named *ia64*
o All ia64-specific code guarded by __ia64__
o All ia64-specific makefile logic
o Mention of ia64 in comments and documentation
This excludes:
o Everything under contrib/
o Everything under crypto/
o sys/xen/interface
o sys/sys/elf_common.h
Discussed at: BSDcan
getting more and more popular, as source of precise time, and the gpsd
daemon from ports is using the shared memory to synchronize with ntpd.
Reviewed by: roberto
The utmp code in systime.c is not enabled, so including <utmp.h> has no
effect in our setup. This makes it a little easier for me to migrate to
<utmpx.h>.
Approved by: roberto
sntp includes a copy of libopts in itself in vendor code, rewrite the
Makefile to compile and use only one copy. It is an internal library, not
installed.
MFC after: 2 weeks
It does survive « make release ».
Uses an upcoming patch from the vendor branch (ntp-stable) of ntp-keygen.
Submitted by: Marius Strobl <marius@alchemy.franken.de>
This brings us several things:
- updated drivers
- IPv6 support at last
- ntp-genkeys is replaced by ntp-keygen
- ntptrace is now a script (courtesy of John Hay)
- lots of renamed files from .htm to .html (while I prefer .html, I
find the change a bit gratuitous)
- still no manpages :(
Please test and report.
Commit very much helped by: GNU arch (http://gnuarch.org/)
branch and a few new drivers. See contrib/ntp/ChangeLog for details.
Hide kernel header sys/lock.h from ntp [1]
PR: bin/33914
Submitted by: thomas, bde[1]
MFC after: 1 month
for a scheduling boost. This is a conservative change that should
make no difference in practice and eliminate concerns about this being
the source of some SMP hangs.
Configuration scripts should never auto-configure P1003.1B
without a second test. The behavior with respect to regular time
sharing, who can access it, etc., is not defined.
Approved by: jkh
This is the second part of the commit (the third -- link in usr.sbin/Makefile)
will be done after a more complete review by phk & obrien.
NOTE: the number of drivers included in the default configuration is very
minimal, mainly local clocks and the one I use, RAWDCF. Anyone wanting to
have a more complete version will find recompilation very easy.
It builds and runs on both alpha & i386. It also does survive "make world".
Reviewed by: phk, obrien (partly)