Thanks to Vincent Blut I was pointed to [1] That pretty much looks like the patch I was going to write, thanks a lot Vincent!
There are some extra needs, to actually start in a container, but maybe those are upstream as well - I'll check that. Otherwise my plan would be to somehow match on !cap_sys_time to add -x as parameter. Maybe a second systemd file chronyd-container.service or such would do (a bit annoying to be a different name, but alias won't work as there is the real "chrony" service. Maybe I can do that in one service file to depend the arguments on the capability. Since !cap / cap is mutally exclusive only one of each would run at any time. But as I said, maybe such a change was made upstream already and could also be backported. [1]: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=e8096330be1eb4db25b14152b14550c6c0bbaa63 ** Changed in: chrony (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1589780 Title: chrony.service doesn't start on LXD container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1589780/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
