Adding CAP_IPC_LOCK to the cap_from_text() call makes the user ID lookup mechanism work as it should.
I believe this error is rather an artifact of the ntpd/ntpd.c patch in
ntp_4.2.8p4+dfsg-3's debian/patches/ntpd-linux-caps-runtime.patch. That
patch checks Linux capabilities by calling cap_from_text, but it does
not include the CAP_IPC_LOCK capability, which is needed to make mmap(2)
work; mmap is used by lower-level entity lookup routines, either in
libnss or libc -- I haven't dug to the bottom of it yet, other than
seeing that mmap fails.
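A check for the condition described above, as an added example (not code from the Debian patch or from ntpd): it decodes a capability mask from `/proc/<pid>/status` text and reports whether CAP_IPC_LOCK is still in the effective set after the privilege drop. The two status samples are constructed, and the other retained capabilities in them (CAP_NET_BIND_SERVICE, CAP_SYS_TIME) are assumptions, not taken from the patch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability bit numbers as defined in <linux/capability.h>. */
enum { CAPBIT_NET_BIND_SERVICE = 10, CAPBIT_IPC_LOCK = 14, CAPBIT_SYS_TIME = 25 };

/* Constructed /proc/<pid>/status excerpts (assumed capability sets):
 * first without CAP_IPC_LOCK, then with it added. */
static const char STATUS_WITHOUT[] =
    "Name:\tntpd\nCapPrm:\t0000000002000400\nCapEff:\t0000000002000400\n";
static const char STATUS_WITH[] =
    "Name:\tntpd\nCapPrm:\t0000000002004400\nCapEff:\t0000000002004400\n";

/* Parse the hex mask of one Cap* field; returns 0 on success, -1 if absent. */
static int status_cap_mask(const char *status, const char *field, uint64_t *mask)
{
    size_t flen = strlen(field);
    const char *line = status;

    while (line && *line) {
        if (strncmp(line, field, flen) == 0 && line[flen] == ':') {
            const char *val = line + flen + 1;
            char *end;
            *mask = strtoull(val, &end, 16);   /* skips the leading tab */
            return end == val ? -1 : 0;
        }
        line = strchr(line, '\n');
        if (line)
            line++;                            /* step past the newline */
    }
    return -1;
}

/* 1 if the capability bit is set in the field, 0 if clear, -1 if no field. */
static int status_has_cap(const char *status, const char *field, int cap)
{
    uint64_t mask;
    if (status_cap_mask(status, field, &mask) != 0)
        return -1;
    return (int)((mask >> cap) & 1);
}

int main(void)
{
    printf("without: CAP_IPC_LOCK in CapEff = %d\n",
           status_has_cap(STATUS_WITHOUT, "CapEff", CAPBIT_IPC_LOCK));
    printf("with:    CAP_IPC_LOCK in CapEff = %d\n",
           status_has_cap(STATUS_WITH, "CapEff", CAPBIT_IPC_LOCK));
    return 0;
}
```

On a live system the same functions can be fed the contents of `/proc/<pid>/status` for the running daemon instead of the constructed strings.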