On Thu, Jul 03, 2025 at 02:23:45PM +0200, David Venhoek wrote:
> However, we are currently running into a challenge with proper security
> isolation for the ntpd-rs daemon, which is that gpsd insists that these
> sockets need to be in the root of the RUNDIR, which is only writable as
> root, and we strongly recommend people not to run ntpd-rs as root. A
> workaround for this for us is to recommend users to make a symlink from
> where gpsd expects the socket to a place where ntpd-rs can create it with
> limited rights. However this is a bit of a hack and we would prefer a more
> streamlined solution if possible.

A less-hacky way would be to let systemd create that socket and pass it
to ntpd-rs (indicated in the LISTEN_FDS variable).

See
https://www.freedesktop.org/software/systemd/man/latest/sd_listen_fds.html

-- 
Miroslav Lichvar
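
The receiving side of the socket passing suggested in the reply above, as an added example that is not part of the original message and is not ntpd-rs code: an unprivileged daemon validates `LISTEN_PID` and `LISTEN_FDS` before adopting descriptor 3, so it never needs write access to the RUNDIR. The names `passed_fds`, `ListenFdError` and `MAX_PASSED_FDS` are hypothetical, and the datagram socket type is an assumption.

```rust
use std::os::unix::io::{FromRawFd, RawFd};
use std::os::unix::net::UnixDatagram;

/// First descriptor the service manager passes (SD_LISTEN_FDS_START in sd_listen_fds(3)).
const SD_LISTEN_FDS_START: RawFd = 3;
/// Sanity limit chosen for this example; not part of the protocol.
const MAX_PASSED_FDS: u32 = 64;

#[derive(Debug, PartialEq)]
enum ListenFdError {
    NotActivated, // LISTEN_PID or LISTEN_FDS is absent
    WrongPid,     // variables were inherited from another process
    Malformed,    // not a number, or an implausible count
}

/// Returns the descriptors passed to this process, given the raw values of
/// LISTEN_PID and LISTEN_FDS and our own pid.
fn passed_fds(pid: Option<&str>, fds: Option<&str>, my_pid: u32) -> Result<Vec<RawFd>, ListenFdError> {
    let (pid, fds) = match (pid, fds) {
        (Some(p), Some(n)) => (p, n),
        _ => return Err(ListenFdError::NotActivated),
    };
    let pid: u32 = pid.parse().map_err(|_| ListenFdError::Malformed)?;
    if pid != my_pid {
        return Err(ListenFdError::WrongPid);
    }
    let count: u32 = fds.parse().map_err(|_| ListenFdError::Malformed)?;
    if count > MAX_PASSED_FDS {
        return Err(ListenFdError::Malformed);
    }
    Ok((0..count as RawFd).map(|i| SD_LISTEN_FDS_START + i).collect())
}

fn main() {
    let pid = std::env::var("LISTEN_PID").ok();
    let fds = std::env::var("LISTEN_FDS").ok();
    match passed_fds(pid.as_deref(), fds.as_deref(), std::process::id()) {
        Ok(fds) if !fds.is_empty() => {
            // SAFETY: LISTEN_PID matched, so fd 3 was opened for this process
            // and nothing else in it owns the descriptor.
            // Assumption: the unit declares the socket with ListenDatagram=.
            let sock = unsafe { UnixDatagram::from_raw_fd(fds[0]) };
            println!("adopted pre-created socket: {:?}", sock.local_addr());
        }
        other => eprintln!("no socket passed, not adopting fd 3: {:?}", other),
    }
}
```

sd_listen_fds(3) additionally sets FD_CLOEXEC on each passed descriptor; this sketch uses only the standard library and leaves that step out.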
