On Sat, 23 Dec 2006, MH wrote:

> Timo Felbinger wrote:
> >
> > On Sun, 17 Dec 2006, MH wrote:
> >
> >> I recently upgraded my kernel from 2.6.13 to 2.6.19 and discovered that
> >> NTP service is no longer functional. The NTP daemon logs the following:
> >>
> >>    cap_set_proc() failed to drop root privileges: Operation not permitted
> >>
> >
> > Make sure you have the "default linux capabilities" in your new kernel,
> > either as a module (modprobe capability), or just compile them statically
> > into the kernel (somewhere under "security options" in the kernel config
> > menu).
> >
>
> They were. Tried compiling them into the kernel as well. Same end result.
> Weird thing is that NTPD actually synchronized successfully ONCE after the
> new kernel was installed. It did not initially, nor has it since. Very odd.

If it is really the cap_set_proc() call which fails and you are sure you
start ntpd with root privileges initially, then maybe you need to recompile
and reinstall libcap to make it work with the new kernel? (I dimly recall
that I had to do this at some point). The library version seems to be not
critical, both 1.10 and 1.92 work for me with various 2.6.x kernels.

BTW, /proc/<pid>/status shows the current privileges of a process; for a
root shell it should contain the lines

    CapInh: 0000000000000000
    CapPrm: 00000000fffffeff
    CapEff: 00000000fffffeff

For a running ntpd, it should look like

    CapInh: 0000000002000000
    CapPrm: 0000000002000000
    CapEff: 0000000002000000

Good luck,

Timo

--
Timo Felbinger                  http://www.felbinger.net
Quantum Physics Group           Phone: +49 331 977 1793  Fax: -1767
Institut fuer Physik            Mobile: +49 177 735 1936
Universitaet Potsdam, Germany   PGP key-id: E92567B2
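
Added example, not part of the original message: a small Python decoder for the Cap* masks in /proc/<pid>/status, which reports any capability a process holds beyond an allowed set. The bit names follow <linux/capability.h> (bit 31 was only assigned in kernels newer than the ones in this thread); the function names and the two sample texts, built from the values quoted above, are constructed for illustration.

```python
import re
import sys

# Capability bit numbers 0..31 as defined in <linux/capability.h>.
CAP_NAMES = """CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID
SETUID SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW
IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT
SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE
AUDIT_WRITE AUDIT_CONTROL SETFCAP""".split()

# Constructed samples using the masks quoted in the message above.
ROOT_SHELL = ("CapInh:\t0000000000000000\n"
              "CapPrm:\t00000000fffffeff\n"
              "CapEff:\t00000000fffffeff\n")
NTPD = ("CapInh:\t0000000002000000\n"
        "CapPrm:\t0000000002000000\n"
        "CapEff:\t0000000002000000\n")

def parse_caps(status_text):
    """Return {'CapInh': int, 'CapPrm': int, 'CapEff': int} from status text."""
    pat = r"^(Cap(?:Inh|Prm|Eff)):[ \t]*([0-9a-fA-F]+)[ \t]*$"
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pat, status_text, re.M)}

def decode(mask):
    """Turn a capability bitmask into a list of CAP_* names."""
    names = []
    for bit in range(mask.bit_length()):
        if mask >> bit & 1:
            # Bits past the table (newer kernels) are reported by number.
            names.append("CAP_" + CAP_NAMES[bit] if bit < len(CAP_NAMES)
                         else "bit %d" % bit)
    return names

def excess_caps(status_text, allowed=("CAP_SYS_TIME",)):
    """Capabilities present in any of the three sets but not in `allowed`."""
    held = set()
    for mask in parse_caps(status_text).values():
        held.update(decode(mask))
    return sorted(held - set(allowed))

if __name__ == "__main__":
    # With a pid argument, inspect that live process; otherwise the ntpd sample.
    text = open("/proc/%s/status" % sys.argv[1]).read() if len(sys.argv) > 1 else NTPD
    for name, mask in parse_caps(text).items():
        print(name, "%016x" % mask, ", ".join(decode(mask)) or "(none)")
    print("beyond CAP_SYS_TIME:", excess_caps(text) or "nothing")
```
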
