Starting ntpd in a jail
ml at netfence.it
Sat Sep 29 08:55:42 UTC 2018
On 9/28/18 5:41 PM, doug at safeport.com wrote:
> I am missing something here. The jail shares the kernel. Unless you want
> the jail to be in a different time zone than the kernel, why run ntp in
> a jail? It is interesting that even works.
Two cases at least:

A) you have multiple AD domains, so you have two Samba AD DCs, running
in two jails.
You'll need two ntpd instances with two different "ntpdsigndsocket".

B) for security, you don't want clients to mess with base's ntpd, whose
only task will be to set the host time.
A second ntpd in a jail (which of course cannot modify the host time)
can serve untrusted clients, so if it gets compromised it will only
affect that jail.