On Mon, May 11, 2020 at 07:05:21PM +0200, Vincent Blut wrote:
> From a quick glance, the rest seems to make sense.

There is an issue with the Unix domain socket that I missed before. It would need to be bound and have the owner changed before dropping the root privileges to have the root:chrony owner and avoid the DAC override for chronyc running under root.

--
Miroslav Lichvar