Re: heads up: mac_ntpd has to be explicitly loaded in recent stable/14

Reply: Cy Schubert : "Re: heads up: mac_ntpd has to be explicitly loaded in recent stable/14"
In reply to: Herbert J. Skuhra: "Re: heads up: mac_ntpd has to be explicitly loaded in recent stable/14"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Tomoaki AOKI <junchoon_at_dec.sakura.ne.jp>
Date: Mon, 10 Mar 2025 16:12:57 UTC

On Mon, 10 Mar 2025 16:37:58 +0100
"Herbert J. Skuhra" <herbert@gojira.at> wrote:

> On Mon, 10 Mar 2025 13:06:25 +0100, David Wolfskill wrote:
> > 
> > On Mon, Mar 10, 2025 at 01:51:40PM +0200, Marek Zarychta wrote:
> > > Hello List Subscirbers,
> > > 
> > > in the past the module was loaded automatically upon NTPD server startup.
> > > It's no longer true, now it has to be loaded earlier.
> > > Perhaps people running stable/14 might find this message useful.
> 
> Hmm, works for me on main and stable/14. 
> 
> > So... I noticed this for (precisely) one of the five machines I have
> > that track stable/14 -- the other 4 get mac_ntpd loaded automagically as
> > usual.
> > 
> > In the failing case, it seems that
> > 
> > 	sysctl security.mac.version
> > 
> > yielded
> > 
> > 	sysctl: unknown oid 'security.mac.version'
> 
> I only get this if I build a kernel without "options MAC". But in this
> no mac_* kernel modules are built and ntpd fails with:
> 
> Starting ntpd.
> daemon control: got EOF
> /etc/rc.d/ntpd: WARNING: failed to start ntpd

In this case, you'll find something like
  Need MAC 'ntpd' policy enabled to drop root privileges
  daemon child exited with code 255
in ntpd logfile (/var/db/ntpd.log in my case, but
possibly /var/log/messages by default).

-- 
Tomoaki AOKI    <junchoon@dec.sakura.ne.jp>