Robert Connolly wrote:
> On Monday May 21 2007 12:51:59 pm Bruce Dubbs wrote:
>> Looking at the code for ntp, it seems that libcap is only used if
>> HAVE_DROPROOT is defined. This is only defined if $ac_clockctl and
>> $ac_cv_header_sys_clockctl_h are 'yes' in configure.
>>
>> Looking at configure:
>>
>> $ac_clockctl requires sys/clockctl.h which appears to be BSD only
>> $ac_cv_header_sys_clockctl_h seems to be used but never defined.
>>
>> The bottom line is that I don't see how libcap is ever used in ntp.
>>
>> I have not done any analysis on the other programs you mention.
>>
>> -- Bruce
>
> Ntpd is dropping root for me:
> $ ps aux | grep ntp
> ntpd 18869 0.0 0.0 4000 1320 ? SNs 07:26
> 0:00 /usr/bin/ntpd --configfile=/etc/ntpd.conf --jaildir=/var/lib/ntpd
> --logfile=/var/lib/ntpd/ntpd.log --pidfile=/var/lib/ntpd/ntpd.pid
> --user=ntpd:ntpd --no-load-opts
>
> ./configure of ntpd-4.2.4p0 with --enable-linuxcaps gives me:
> $ grep HAVE_DROPROOT config.h
> #define HAVE_DROPROOT

Oh, I see now. There are two places in configure that can define HAVE_DROPROOT. If --enable-linuxcaps is specified and you have both sys/prctl.h and sys/capability.h, it gets set.

The other way requires the existence of /dev/clockctl and sys/clockctl.h, but I don't know how to create /dev/clockctl. A quick Google search seems to indicate that it is NetBSD only. There is no mention of clockctl in the kernel source.

In any case, I think the owl_fixes are a bit much for BLFS proper. Perhaps the user notes of HLFS would be better. Other opinions?

  -- Bruce
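
A runtime check that complements the ps and config.h evidence in this thread (an added example, not part of the thread or of the ntp sources): it reads the text of /proc/<pid>/status and reports whether the process left root while keeping only CAP_SYS_TIME. The function names, the sample status text and the tolerated capability set are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a daemon's privilege drop from /proc/<pid>/status text.
# Bit numbers are from <linux/capability.h>.
CAP_NET_BIND_SERVICE=10
CAP_SYS_TIME=25

# Reads status text on stdin, prints one verdict line.
# Returns 0 = dropped root with a minimal set, 1 = problem, 2 = unparsable.
audit_droproot() {
    status=$(cat)
    # "Uid:" fields are real, effective, saved, filesystem; take effective.
    euid=$(printf '%s\n' "$status" | awk '$1 == "Uid:" { print $3 }')
    capeff=$(printf '%s\n' "$status" | awk '$1 == "CapEff:" { print $2 }')
    if [ -z "$euid" ] || [ -z "$capeff" ]; then
        echo "ERROR: no Uid/CapEff line in input"
        return 2
    fi
    eff=$((0x$capeff))
    time_bit=$((1 << CAP_SYS_TIME))
    # Assumption: besides CAP_SYS_TIME, only CAP_NET_BIND_SERVICE is tolerated.
    allowed=$((time_bit | (1 << CAP_NET_BIND_SERVICE)))
    extra=$((eff & ~allowed))
    if [ "$euid" -eq 0 ]; then
        echo "FAIL: effective uid is 0, root was not dropped"
        return 1
    elif [ "$extra" -ne 0 ]; then
        printf 'FAIL: uid %s keeps extra capabilities, mask 0x%x\n' "$euid" "$extra"
        return 1
    elif [ $((eff & time_bit)) -eq 0 ]; then
        echo "FAIL: uid $euid has no CAP_SYS_TIME and cannot set the clock"
        return 1
    fi
    echo "OK: uid $euid, CapEff 0x$capeff limited to the expected set"
}

# Constructed sample: a daemon running as uid 123 holding CAP_SYS_TIME only.
sample_status() {
    printf 'Name:\tntpd\nUid:\t123\t123\t123\t123\nCapEff:\t0000000002000000\n'
}

sample_status | audit_droproot
# Live use, with the PID from a ps listing: audit_droproot < /proc/<pid>/status
```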
