On Tue, 11 Mar 2025 12:21:03 -0700 Cy Schubert <[email protected]> wrote:
> In message <[email protected]>, > Tomoaki > AOKI writes: > > On Tue, 11 Mar 2025 12:08:10 -0700 > > Cy Schubert <[email protected]> wrote: > > > > > In message <[email protected]>, > > > Tomoaki > > > AOKI writes: > > > > On Tue, 11 Mar 2025 08:13:51 -0700 > > > > Cy Schubert <[email protected]> wrote: > > > > > > > > > In message > > > > > <[email protected]>, > > > > > Tomoaki > > > > > AOKI writes: > > > > > > On Mon, 10 Mar 2025 16:37:58 +0100 > > > > > > "Herbert J. Skuhra" <[email protected]> wrote: > > > > > > > > > > > > > On Mon, 10 Mar 2025 13:06:25 +0100, David Wolfskill wrote: > > > > > > > > > > > > > > > > On Mon, Mar 10, 2025 at 01:51:40PM +0200, Marek Zarychta wrote: > > > > > > > > > Hello List Subscirbers, > > > > > > > > > > > > > > > > > > in the past the module was loaded automatically upon NTPD > > > > > > > > > serve > > r st > > > > artu > > > > > > p. > > > > > > > > > It's no longer true, now it has to be loaded earlier. > > > > > > > > > Perhaps people running stable/14 might find this message > > > > > > > > > useful > > . > > > > > > > > > > > > > > Hmm, works for me on main and stable/14. > > > > > > > > > > > > > > > So... I noticed this for (precisely) one of the five machines I > > > > > > > > h > > ave > > > > > > > > that track stable/14 -- the other 4 get mac_ntpd loaded > > > > > > > > automagic > > ally > > > > as > > > > > > > > usual. > > > > > > > > > > > > > > > > In the failing case, it seems that > > > > > > > > > > > > > > > > sysctl security.mac.version > > > > > > > > > > > > > > > > yielded > > > > > > > > > > > > > > > > sysctl: unknown oid 'security.mac.version' > > > > > > > > > > > > > > I only get this if I build a kernel without "options MAC". But in > > > > > > > t > > his > > > > > > > no mac_* kernel modules are built and ntpd fails with: > > > > > > > > > > > > > > Starting ntpd. > > > > > > > daemon control: got EOF > > > > > > > /etc/rc.d/ntpd: WARNING: failed to start ntpd > > > > > > > > > > > > In this case, you'll find something like > > > > > > Need MAC 'ntpd' policy enabled to drop root privileges > > > > > > daemon child exited with code 255 > > > > > > in ntpd logfile (/var/db/ntpd.log in my case, but > > > > > > possibly /var/log/messages by default). > > > > > > > > > > I don't understand why some systems (those in this thread) have a > > > > > probl > > em > > > > > not loading mac_ntpd while others, i.e. my stable/14 at $JOB, are > > > > > fine. > > I'd > > > > > > > > > like to try to understand the differences between those that work and > > > > > t > > hose > > > > > > > > > that don't. > > > > > > > > > > First of all, the ntpd rc script bails without saying why when it > > > > > encounters a problem. can_run_nonroot() simply returns a bad return > > > > > cod > > e > > > > > leaving us to wonder why. > > > > > > > > > > The first order of business is to produce a patch to indicate why it > > > > > bails. Please apply the attached patch and let me know where it > > > > > fails. > > > > > Messages will be printed to stderr and to /var/log/messages (assuming > > > > > daemon.err is sent there). > > > > > > > > The output after patch (without loading mac_ntpd.ko manually): > > > > > > > > Mar 12 03:27:35 ***** rc.d/ntpd[2581]: user cannot access files > > > > listed in command line, exiting > > > > Mar 12 03:27:35 ***** root[2589]: /etc/rc: WARNING: failed to start ntpd > > > > > > > > See > > > > > > > > https://lists.freebsd.org/archives/dev-commits-src-branches/2025-Februa > > ry/0 > > > > 21308.html > > > > for my options related with ntpd. > > > > > > Is this before ntpd -u commit was reverted or after? > > > > Before revert. As I don't pull updates after I read your post which > > included the patch. > > > > > > > Please grep ntpd /etc/rc.conf. > > > > Result stripping comments. > > > > % grep ntpd /etc/rc.conf > > ntpd_flags="-4 -g -x -f /var/db/ntp/ntpd.drift -l /var/log/ntpd.log" > > This is your problem. Remove the -f and -l arguments and put the logfile > and driftfile ntp.conf statements instead. Wait, another way that works?! So I should consider it as a bug in ntpd. If the statements in ntpd.conf works, command line options should work just the same way (usually, if configuration files and command line option has the same functionalities, command line option is preferred to override, like /etc/make.conf and `make` command line). Anyway, I'll try it once the ongoing heavy rebuilds finished. > > > ntpd_config="/etc/ntp/ntp.conf" > > ntpd_enable="YES" > > ntpd_sync_on_start="YES" > > daily_ntpd_leapfile_enable="YES" > > % > > > > > -- > Cheers, > Cy Schubert <[email protected]> > FreeBSD UNIX: <[email protected]> Web: https://FreeBSD.org > NTP: <[email protected]> Web: https://nwtime.org > > e^(i*pi)+1=0 -- Tomoaki AOKI <[email protected]>
