Mandi! Marco Baldini - H.S. Amiata In chel di` si favelave... > Just install a little VM with a NTP server (i use chrony) and sync hosts > with that. I went this route about two years ago and had no problem since > then
After googling a bit better then yesterday, i've done: root@clerk:~# lxc-info -n 100 -c lxc.cap.drop lxc.cap.drop = mac_admin mac_override sys_time sys_module sys_rawio and so i've added to /etc/pve/lxc/100.conf: lxc.cap.drop: lxc.cap.drop: mac_admin mac_override sys_module sys_rawio and now: root@clerk:~# lxc-info -n 100 -c lxc.cap.drop lxc.cap.drop = mac_admin mac_override sys_module sys_rawio So now i can run a NTP on my container, providing probably that is the only container with cap 'sys_time' enabled. Clearly i can run ntp on the hostm, or in a VM, but an AD DC mandate the presence of a ntp server, and probably having an NTP server that, if needed, cannot write to HWclock, could be a source of troubles... -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA) _______________________________________________ pve-user mailing list [email protected] https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
