ntpd jail problem

xorquewasp at googlemail.com xorquewasp at googlemail.com
Sun Jun 8 12:16:23 UTC 2008

On 20080608 22:10:27, Peter Jeremy wrote:
> On 2008-Jun-08 11:32:54 +0100, xorquewasp at googlemail.com wrote:
> >I'm running an openntpd instance on the host machine, which syncs the
> >clock from the pool at pool.ntp.org. From the log output, ntpd claims to
> >be synced and the time does seem to be correct.
> >
> >I'm then running another openntpd in a jail which doesn't set the time,
> >just serves it to clients.
> I've never used openntpd but for the base ntpd, you should be able to
> just use 'server' to make it trust (and not alter) the
> base system time.  Note that this openntpd will not have access to the
> stratum information from the main ntpd but will have a fixed value and
> may need to be adjusted using a 'fudge' command (or equivalent).

Ok. Right.

> I'd be interested in knowing why you chose this approach rather than
> just syncing clients to the [open]ntpd instance in the host machine.

Just basic paranoia really. Nothing on the host is network-visible, all the
services are in jails.

Thanks for the information.

More information about the freebsd-hackers mailing list