Starting ntpd in a jail

Andrea Venturoli ml at
Sat Sep 29 08:55:42 UTC 2018

On 9/28/18 5:41 PM, doug at wrote:

> I am missing something here. The jail shares the kernel. Unless you want 
> the jail to be in a different time zone than the kernel, why run ntp in 
> a jail? It is interesting that even works.

Two cases at least:

A) you have multiple AD domains, so you have two Samba AD DCs, running 
in two jails.
You'll need two ntpd instances with two different "ntpdsigndsocket".

B) for security, you don't want clients to mess with base's ntpd, whose 
only task will be to set the host time.
A second ntpd in a jail (which of course cannot modify the host time) 
can serve untrusted clients, so if it gets compromised it will only 
affect that jail.


