Dear GPSd developers/maintainers,

We have recently begun using gpsd's socket interface to communicate time information to chrony also within the ntpd-rs NTP client. We strongly preferred this approach over the shared memory approach since it is almost impossible to interact in a sound way with shared memory from Rust code.

However, we are currently running into a challenge with proper security isolation for the ntpd-rs daemon, which is that gpsd insists that these sockets need to be in the root of the RUNDIR, which is only writable as root, and we strongly recommend people not to run ntpd-rs as root. A workaround for this for us is to recommend users to make a symlink from where gpsd expects the socket to a place where ntpd-rs can create it with limited rights. However, this is a bit of a hack and we would prefer a more streamlined solution if possible.

We would be willing to provide patches providing a solution, but given the statements in the hacking guide, we are wondering what sort of solution you would prefer. As we see it, there are two obvious approaches:

1) Make the root directory for these sockets configurable via a command line flag. This could be complemented with a command on the control socket to change it dynamically, but perhaps this is one of the rare cases where that doesn't really make much sense.

2) Make the location of the socket configurable on a per-device basis, both in the command line interface and via the control socket.

Would you be open to patches implementing one of these approaches? Or is there some other approach we've missed here that you would be open to?

Kind regards,
On behalf of the ntpd-rs maintainers
David Venhoek
