On Wed, 16 Jun 2021 at 12:26, Michael Olbrich <[email protected]> wrote:
>
> Hi,
>
> I don't use chrony myself, so I can just look at the build-system.
>
> On Tue, Jun 15, 2021 at 11:55:47AM +0200, Mircea Ciocan wrote:
> > unless I'm doing something very wrong, the "out of the box" chrony package
> > does not allow talking with the chronyc, the client and daemon control
> > user-space utility, it doesn't even create the Unix socket:
> > /var/run/chrony/chronyd.sock.
> >
> > Once the line "--without-tomcrypt" in CHRONY_CONF_OPT is removed, everything
> > will work OK.
>
> This makes no sense at all. tomcrypt is an external library that is
> currently not available in PTXdist. So removing this option should not
> change anything.
> Please take a look at the build (e.g. changes to config.h and Makefile) to
> see what actually happens.
>
> > Also the option "--with-user=chrony" may make the daemon more
> > secure, but it certainly messes up the logging and drift files due to
> > permissions of the /var/run and /var/log.
>
> That's just the default user. And as far as I know, this works fine with
> systemd. If you use busybox init, then maybe the init script needs to be
> changed to create directories with the correct permissions.

I can confirm that it works as expected in systemd.
This is how it looks when service is started as chrony.

As root user:
root@xxxxxxxx:~ chronyc -n sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.10.10.10                   3   6   377    45   +141us[ +315us] +/-   30ms
root@xxxxxxxx:~ ls -lah /run/chrony/
total 8.0K
drwxr-x---  2 chrony chrony 100 Jun 16 08:11 .
drwxr-xr-x 21 root   root   600 Jun 16 08:11 ..
-rw-r--r--  1 chrony chrony  42 Jun 16 07:57 chrony.drift
-rw-r--r--  1 root   root     4 Jun 15 06:48 chronyd.pid
srwxr-xr-x  1 chrony chrony   0 Jun 15 06:48 chronyd.sock

As tech user (another user, not in chrony group);
tech@xxxxxxxx:~ chronyc -n sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.10.10.10                   3   6   377    45   -134us[ -266us] +/-   31ms
tech@xxxxxxxx:~ ls -lah /run/chrony/
ls: cannot open directory '/run/chrony/': Permission denied

> Patches are welcome.

We could revert the service user to root when using busybox init.

/Bruno

> > Out of these only the tomcrypt removal is critical, if somebody can explain
> > the reason behind it, or what can be done to enable the client functionality
> > with the existing compile time options I'll be most happy, because now I had
> > to move the rule to project rules and remove it.
>
> Michael
>
> --
> Pengutronix e.K.                           |                             |
> Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
> 31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
> Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
>
> _______________________________________________
> ptxdist mailing list
> [email protected]
> To unsubscribe, send a mail with subject "unsubscribe" to
> [email protected]
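
The directory preparation suggested in the thread for busybox init, written out as an added example (not code from the original messages or from PTXdist). The helper name `ensure_dir`, the `/var/log/chrony` path and a `stat` that supports `-c` are assumptions; the owner and mode follow the `/run/chrony` listing above.

```shell
#!/bin/sh
# Added example: directory setup for a busybox-init start script.
# Owner and mode (chrony:chrony, 750) mirror the /run/chrony listing in the
# thread; the helper name and the log path are assumptions.

# ensure_dir DIR OWNER GROUP MODE   (MODE without a leading zero, e.g. 750)
# Creates DIR if needed, applies MODE, and sets ownership when run as root.
# Returns 0 only if DIR ends up with exactly the requested owner and mode.
ensure_dir() {
    dir=$1 owner=$2 group=$3 mode=$4

    # Refuse a symlink: chown/chmod through it would change another path.
    if [ -L "$dir" ]; then
        echo "ensure_dir: $dir is a symlink, refusing" >&2
        return 1
    fi

    mkdir -p "$dir" || return 1
    chmod "$mode" "$dir" || return 1

    # chown needs root; an unprivileged caller only gets the verification.
    if [ "$(id -u)" -eq 0 ]; then
        chown "$owner:$group" "$dir" || return 1
    fi

    # Verify the result instead of trusting the steps above.
    actual=$(stat -c '%U:%G:%a' "$dir") || return 1
    if [ "$actual" != "$owner:$group:$mode" ]; then
        echo "ensure_dir: $dir is $actual, want $owner:$group:$mode" >&2
        return 1
    fi
    return 0
}

# In the start case of the init script, before launching chronyd:
#   ensure_dir /run/chrony     chrony chrony 750 || exit 1
#   ensure_dir /var/log/chrony chrony chrony 750 || exit 1
```

With this in place the daemon can keep running as the unprivileged `chrony` user instead of being reverted to root.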
