Re: heads up: mac_ntpd has to be explicitly loaded in recent stable/14

From: Tomoaki AOKI <junchoon_at_dec.sakura.ne.jp>
Date: Mon, 10 Mar 2025 12:17:10 UTC
On Mon, 10 Mar 2025 05:06:25 -0700
David Wolfskill <david@catwhisker.org> wrote:

> On Mon, Mar 10, 2025 at 01:51:40PM +0200, Marek Zarychta wrote:
> > Hello List Subscribers,
> > 
> > in the past the module was loaded automatically upon NTPD server startup.
> > It's no longer true, now it has to be loaded earlier.
> > Perhaps people running stable/14 might find this message useful.
> > 
> > Cheers
> > ....
> 
> So... I noticed this for (precisely) one of the five machines I have
> that track stable/14 -- the other 4 get mac_ntpd loaded automagically as
> usual.
> 
> In the failing case, it seems that
> 
> 	sysctl security.mac.version
> 
> yielded
> 
> 	sysctl: unknown oid 'security.mac.version'
> 
> which thus caused the code in /etc/rc.d/ntpd:
> 
>         # Try to set up the MAC ntpd policy so ntpd can run with reduced
>         # privileges.  Detect whether MAC is compiled into the kernel, load
>         # the policy module if not already present, then check whether the
>         # policy has been disabled via tunable or sysctl.
>         [ -n "$(sysctl -qn security.mac.version)" ] || return 1
>         sysctl -qn security.mac.ntpd >/dev/null || kldload -qn mac_ntpd || return 1
>         [ "$(sysctl -qn security.mac.ntpd.enabled)" == "1" ] || return 1
> 
> (in can_run_nonroot()) to return before the kldload can run.
> 
> As the (only) machine that exhibits the failure is the one that
> acts as my Internet gateway, I am fairly reluctant to have it down
> longer than necessary. :-}
> 
> (I admit that I was beginning to wonder if what I seemed to be
> seeing was actually real.)
> 
> Peace,
> david
> -- 
> David H. Wolfskill                              david@catwhisker.org
> Thank you, Claude Malhuret.
> https://wickedemerald.wordpress.com/2025/03/08/speech-from-claude-malhuret/
> 
> See https://www.catwhisker.org/~david/publickey.gpg for my public key.

FYI:
  https://lists.freebsd.org/archives/dev-commits-src-branches/2025-February/021308.html
  https://lists.freebsd.org/archives/dev-commits-src-branches/2025-February/021313.html
  https://lists.freebsd.org/archives/dev-commits-src-branches/2025-February/021312.html
  https://lists.freebsd.org/archives/dev-commits-src-branches/2025-February/021315.html
  https://lists.freebsd.org/archives/dev-commits-src-branches/2025-March/021327.html

Maybe order of some evaluations in /etc/rc.d/ntpd needs to be moved.

-- 
Tomoaki AOKI    <junchoon@dec.sakura.ne.jp>
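
A read-only check that mirrors the three tests quoted above from can_run_nonroot() and reports which one would stop ntpd from running with reduced privileges. This is an added example, not part of the thread or of FreeBSD's rc scripts; the function name ntpd_mac_diag and its result words are hypothetical, and it never loads a module.

```sh
#!/bin/sh
# Added example (not from /etc/rc.d/ntpd): diagnose, without changing
# anything, which of the three quoted checks fails on this host.
# ntpd_mac_diag and its result words are hypothetical names.

ntpd_mac_diag() {
    # Check 1: is the MAC framework visible?  Per the quoted message, an
    # unknown security.mac.version oid makes the rc script return here,
    # before its kldload of mac_ntpd is ever reached.
    if [ -z "$(sysctl -qn security.mac.version 2>/dev/null)" ]; then
        echo "no-mac-framework"
        return 1
    fi

    # Check 2: is the mac_ntpd policy node present?  The rc script would
    # try kldload at this point; this diagnosis only reports.
    if ! sysctl -qn security.mac.ntpd >/dev/null 2>&1; then
        echo "policy-not-loaded"
        return 2
    fi

    # Check 3: has the policy been disabled via tunable or sysctl?
    if [ "$(sysctl -qn security.mac.ntpd.enabled 2>/dev/null)" != "1" ]; then
        echo "policy-disabled"
        return 3
    fi

    echo "ok"
    return 0
}

# Print the result once when the file is executed.
ntpd_mac_diag || true
```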