Timo Felbinger wrote: > > On Sat, 23 Dec 2006, MH wrote: > >> Timo Felbinger wrote: >> >> > >> > On Sun, 17 Dec 2006, MH wrote: >> > >> >> I recently upgraded my kernel from 2.6.13 to 2.6.19 and discovered >> >> that NTP service is no longer functional. The NTP daemon logs the >> >> following: >> >> >> >> cap_set_proc() failed to drop root privileges: Operation not permitted >> >> >> > >> > Make sure you have the "default linux capabilities" in your new kernel, >> > either as a module (modprobe capability), or just compile them >> > statically into the kernel (somewhere under "security options" in the >> > kernel config menu). >> > >> >> They were. Tried compiling them into the kernel as well. Same end result. >> Weird thing is that NTPD actually synchronized successfully ONCE after >> the new kernel was installed. It did not initially, nor has it since. >> Very odd. > > If it is really the cap_set_proc() call which fails and you are sure you > start ntpd with root privileges initially, then maybe you need to > recompile and reinstall libcap to make it work with the new kernel? (I > dimly recall that I had to do this at some point). > The library version seems to be not critical, both 1.10 and 1.92 work for > me with various 2.6.x kernels. > > BTW, /proc/<pid>/status shows the current privileges of a process; > for a root shell it should contain the lines > CapInh: 0000000000000000 > CapPrm: 00000000fffffeff > CapEff: 00000000fffffeff > For a running ntpd, it should look like > CapInh: 0000000002000000 > CapPrm: 0000000002000000 > CapEff: 0000000002000000 > > Good luck, > > Timo > > Tried your suggestion re: recompiling libcap. No joy. The timer server is contacted successfully, but then NTPD dies. Oh well. It's just a desktop box--but it is annoying nonetheless. I'll be upgrading to OpenSUSE 10.2 next week, so hopefully the problem will go away.
_______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
