Re: heads up: mac_ntpd has to be explicitly loaded in recent stable/14
Date: Tue, 11 Mar 2025 16:29:07 UTC
On 11.03.2025 at 16:13, Cy Schubert wrote:
> In message <20250311011257.dd642ecbcd132ecb7142dc35@dec.sakura.ne.jp>,
> Tomoaki AOKI writes:
>> On Mon, 10 Mar 2025 16:37:58 +0100
>> "Herbert J. Skuhra" <herbert@gojira.at> wrote:
>>
>>> On Mon, 10 Mar 2025 13:06:25 +0100, David Wolfskill wrote:
>>>> On Mon, Mar 10, 2025 at 01:51:40PM +0200, Marek Zarychta wrote:
>>>>> Hello List Subscribers,
>>>>>
>>>>> in the past the module was loaded automatically upon NTPD server startup.
>>>>> It's no longer true, now it has to be loaded earlier.
>>>>> Perhaps people running stable/14 might find this message useful.
>>> Hmm, works for me on main and stable/14.
>>>
>>>> So... I noticed this for (precisely) one of the five machines I have
>>>> that track stable/14 -- the other 4 get mac_ntpd loaded automagically as
>>>> usual.
>>>>
>>>> In the failing case, it seems that
>>>>
>>>> sysctl security.mac.version
>>>>
>>>> yielded
>>>>
>>>> sysctl: unknown oid 'security.mac.version'
>>> I only get this if I build a kernel without "options MAC". But in this
>>> no mac_* kernel modules are built and ntpd fails with:
>>>
>>> Starting ntpd.
>>> daemon control: got EOF
>>> /etc/rc.d/ntpd: WARNING: failed to start ntpd
>> In this case, you'll find something like
>> Need MAC 'ntpd' policy enabled to drop root privileges
>> daemon child exited with code 255
>> in ntpd logfile (/var/db/ntpd.log in my case, but
>> possibly /var/log/messages by default).
> I don't understand why some systems (those in this thread) have a problem
> not loading mac_ntpd while others, i.e. my stable/14 at $JOB, are fine. I'd
> like to try to understand the differences between those that work and those
> that don't.
>
> First of all, the ntpd rc script bails without saying why when it
> encounters a problem. can_run_nonroot() simply returns a bad return code
> leaving us to wonder why.
>
> The first order of business is to produce a patch to indicate why it
> bails.
> Please apply the attached patch and let me know where it fails.
> Messages will be printed to stderr and to /var/log/messages (assuming
> daemon.err is sent there).
>
>> --
>> Tomoaki AOKI <junchoon@dec.sakura.ne.jp>
>>
>
>
>
> Cheers,
> Cy Schubert <Cy.Schubert@cschubert.com>
> FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org
> NTP: <cy@nwtime.org> Web: https://nwtime.org
>
> e^(i*pi)+1=0

Output from the patch:

Mar 11 17:20:35 plan-b ntpd[60113]: ntpd 4.2.8p18-a (17): Starting
Mar 11 17:20:35 plan-b ntpd[60113]: Command line: /usr/sbin/ntpd -p /var/db/ntp/ntpd.pid -c /etc/ntp.conf -u ntpd:ntpd
Mar 11 17:20:35 plan-b ntpd[60113]: ----------------------------------------------------
Mar 11 17:20:35 plan-b ntpd[60113]: ntp-4 is maintained by Network Time Foundation,
Mar 11 17:20:35 plan-b ntpd[60113]: Inc. (NTF), a non-profit 501(c)(3) public-benefit
Mar 11 17:20:35 plan-b ntpd[60113]: corporation. Support and training for ntp-4 are
Mar 11 17:20:35 plan-b ntpd[60113]: available at https://www.nwtime.org/support
Mar 11 17:20:35 plan-b ntpd[60113]: ----------------------------------------------------
Mar 11 17:20:35 plan-b ntpd[60114]: switching logging to file /var/log/ntp
Mar 11 17:20:36 plan-b ntpd[60113]: daemon child exited with code 255
Mar 11 17:20:36 plan-b root[60118]: /etc/rc.d/ntpd: WARNING: failed to start ntpd

Debugging output from the unpatched /etc/rc.d/ntpd:

(...)
+ echo 'Starting ntpd.'
Starting ntpd.
+ [ -n '' ]
+ _cd=''
+ _doit=' /usr/sbin/ntpd -p /var/db/ntp/ntpd.pid -c /etc/ntp.conf -u ntpd:ntpd'
+ [ -n '' ]
+ [ -n '' ]
+ [ -n '' ]
+ [ -n '' ]
+ _doit=' limits -C daemon /usr/sbin/ntpd -p /var/db/ntp/ntpd.pid -c /etc/ntp.conf -u ntpd:ntpd'
+ _run_rc_doit ' limits -C daemon /usr/sbin/ntpd -p /var/db/ntp/ntpd.pid -c /etc/ntp.conf -u ntpd:ntpd'
+ local _m
+ debug 'run_rc_command: doit: limits -C daemon /usr/sbin/ntpd -p /var/db/ntp/ntpd.pid -c /etc/ntp.conf -u ntpd:ntpd'
+ umask
+ _m=0022
+ + eval ' limits -C daemon /usr/sbin/ntpd -p /var/db/ntp/ntpd.pid -c /etc/ntp.conf -u ntpd:ntpd'
+ limits -C daemon /usr/sbin/ntpd -p /var/db/ntp/ntpd.pid -c /etc/ntp.conf -u ntpd:ntpd
daemon control: got EOF
+ _return=255
+ umask 0022
+ [ 255 -ne 0 ]
+ [ -z '' ]
+ return 1
+ warn 'failed to start ntpd'
+ [ -x /usr/bin/logger ]
+ logger '/etc/rc.d/ntpd: WARNING: failed to start ntpd'
+ echo '/etc/rc.d/ntpd: WARNING: failed to start ntpd'
/etc/rc.d/ntpd: WARNING: failed to start ntpd
+ return 1

--
Marek Zarychta
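
The preconditions discussed in this thread, as an added example that is not part of the original message, the attached patch, or the FreeBSD rc script: a preflight function that names the step that fails instead of failing silently. The function name, the SYSCTL/KLDSTAT override variables and the security.mac.ntpd.enabled check are assumptions of this example; security.mac.version and mac_ntpd come from the thread.

```sh
#!/bin/sh
# Added example (not the FreeBSD rc script). SYSCTL and KLDSTAT are
# hypothetical override hooks so the checks can be exercised with stubs.
: "${SYSCTL:=sysctl}"
: "${KLDSTAT:=kldstat}"

# Prints one diagnosis line. Returns 0 when ntpd can rely on mac_ntpd,
# 1 = no MAC framework, 2 = module not loaded, 3 = policy disabled.
mac_ntpd_preflight() {
    # Step 1: a kernel built without "options MAC" has no security.mac tree.
    if ! $SYSCTL -n security.mac.version >/dev/null 2>&1; then
        echo "no-mac: security.mac.version is unknown; kernel lacks 'options MAC'"
        return 1
    fi
    # Step 2: the policy module must be present before ntpd starts.
    if ! $KLDSTAT -q -m mac_ntpd >/dev/null 2>&1; then
        echo "not-loaded: run 'kldload mac_ntpd' before starting ntpd"
        return 2
    fi
    # Step 3: assumed policy switch; a loaded but disabled policy also fails.
    if [ "$($SYSCTL -n security.mac.ntpd.enabled 2>/dev/null)" != "1" ]; then
        echo "disabled: security.mac.ntpd.enabled is not 1"
        return 3
    fi
    echo "ok: MAC framework present, mac_ntpd loaded and enabled"
    return 0
}

# Run the checks only when asked, e.g. "sh preflight.sh run".
if [ "${1:-}" = "run" ]; then
    mac_ntpd_preflight
fi
```

A non-zero result here corresponds to the "Need MAC 'ntpd' policy enabled to drop root privileges" line quoted above, followed by "daemon child exited with code 255".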