In unprivileged containers even after e8096330 "sys_linux: don't keep CAP_SYS_TIME with -x option" default installations will still run without an explicit -x being set and therefore fail by missing CAP_SYS_TIME.
In some use cases users want the NTP server service to "just work" which in a non-CAP_SYS_TIME environment means that chrony has to fall back. Yet on the other hand they can't use -x as at the time of config/install the eventually present condition can't be checked. In the most common case for this - containers - the host will be controlling the system clock and it is expected to be set up to a valid if not even the same NTP sources. So the system clock is (kind of) good even without chrony controlling it. By that a user will get an NTP server working independent of the environment, that will control the local time if it is able to do so. To some extent this can also be seen as an ntpd compat option which complained in syslog but did not crash under these conditions.

Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com>

--- doc/chronyd.adoc | 8 ++++++++ main.c | 5 ++++- sys.c | 7 +++++++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/doc/chronyd.adoc b/doc/chronyd.adoc index f5bb360..8845eb2 100644 --- a/doc/chronyd.adoc +++ b/doc/chronyd.adoc @@ -163,6 +163,14 @@ relative to the estimated true time, and be able to operate as an NTP server. This allows *chronyd* to run without the capability to adjust or set the system clock (e.g. in some containers). +*-X*:: +This option allows *chronyd* to disable the control of the system clock if +it fails to initialise the system clock driver. +*chronyd* will try to initialise the clock, but if it is failing it will fall +back to to the mode as described by the *-x* option. +This comes handy if one wants a config to work as NTP server in any +environment, but control the local clock only if it is possible. + *-v*:: With this option *chronyd* will print version number to the terminal and exit. diff --git a/main.c b/main.c index a2202e9..988c552 100644 --- a/main.c +++ b/main.c 
@@ -427,7 +427,7 @@ int main optind = 1; /* Parse short command-line options */ - while ((opt = getopt(argc, argv, "46df:F:hl:mnP:qQrRst:u:vx")) != -1) { + while ((opt = getopt(argc, argv, "46df:F:hl:mnP:qQrRst:u:vxX")) != -1) { switch (opt) { case '4': case '6': @@ -490,6 +490,9 @@ int main case 'x': clock_control = 0; break; + case 'X': + clock_control = -1; + break; default: print_help(progname); return opt != 'h'; diff --git a/sys.c b/sys.c index 391b259..6f92265 100644 --- a/sys.c +++ b/sys.c @@ -74,6 +74,13 @@ SYS_Initialise(int clock_control) if (!initalised) { if (clock_control > 0) LOG_FATAL("Could not initialise system clock driver"); + + if (clock_control == -1) { + LOG(LOGS_WARN, "Could not initialise system clock driver"); + LOG(LOGS_WARN, "Falling back by disabling control of system clock"); + null_driver = 1; + SYS_Null_Initialise(); + } } } -- 2.7.4
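
Review bot: In the *-X* text added to doc/chronyd.adoc, "back to to the mode" repeats "to" and "This comes handy" should read "comes in handy". The description also leaves out two things an administrator needs to know: the fallback is reported only as a warning in the log, and giving both *-x* and *-X* means the later one on the command line wins, because each case in main.c simply overwrites clock_control. Suggest fixing the wording and adding one sentence for each of those points.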
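
Review bot: The getopt string in main.c (hunk at -427) gains "X", but print_help() is not updated anywhere in this patch: the two main.c hunks account for all 4 insertions and 1 deletion in the diffstat. As posted, "chronyd -h" would not list the new option, so please add a help line for -X next to the one for -x.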
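
Review bot: "clock_control = -1;" in the new case 'X' (main.c hunk at -490) turns what -x uses as an on/off value into a three-state integer with an unnamed magic number. SYS_Initialise() in this patch compares explicitly ("clock_control > 0", "clock_control == -1"), but any other user of clock_control that tests it for truthiness would read -1 as "control enabled"; those call sites are not visible in this diff and should be checked. Named constants or an enum for the three modes would make the intent clear at each use.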
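
Review bot: In SYS_Initialise() (sys.c hunk) the new "clock_control == -1" branch falls back on any failure to initialise the clock driver, not only on a missing CAP_SYS_TIME, so with -X a host that is expected to discipline its own clock would keep running as an NTP server with nothing more than two LOGS_WARN lines. Suggest merging the two messages into one that says the daemon is now running as with -x, and including the failure reason if the driver exposes it, so that monitoring can alert on it. Also, the commit message cites e8096330 as not keeping CAP_SYS_TIME with -x; please confirm that the fallback path ends up with the same reduced capability set, since the code that decides this is outside the patch and now sees -1 rather than 0.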