> 1) Fix the apparmor policy.  ...

Is it easy to hack the startup scripts to change the mode so root can read it?

That sort of stuff used to be easy before systemd.  It actually executed 
/etc/sysconfig/ntpd.

We have similar problems of needing to run ldattach for PPS.  I haven't 
figured out how to do that cleanly with systemd.  I disabled ntpd and started 
it from rc.local.


> 2) Read the drift file after dropping privileges, rather than before.
> Is #2 feasible? 

Maybe, but I'm pretty sure there is no reason for mode 600 and I've written 
hacks that read it.  You can get the same info from the kernel without fancy 
permissions via ntp_adjtime.  We even ship a program to do it: ntptime.

We have similar problems with log files.  I'm not familiar with apparmor.  We 
should document what is necessary.

I'm pretty sure we don't write any of the stats files until long after dropping 
root.  So they work if the directory (/var/log/ntpstats/) is owned by ntp.

ntpd.log is a bit trickier.  It gets opened as root, and reopened as ntp if you 
send it SIGHUP after log rotate.  ntpd can make new versions if you put them in 
/var/log/ntpstats/.   Without apparmor, root can open them the next time ntpd 
is (re)started. 

Have you tried refclocks with apparmor?  I think the current code opens them 
before dropping root.


-- 
These are my opinions.  I hate spam.



_______________________________________________
devel mailing list
[email protected]
http://lists.ntpsec.org/mailman/listinfo/devel
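
The unprivileged ntp_adjtime read mentioned in the message above, as an added example that is not part of the original post or the NTPsec source. It assumes Linux with glibc; the helper names scaled_ppm_to_ppm and read_kernel_freq are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/timex.h>

/* The kernel reports frequency as "scaled ppm": ppm with a 16-bit fraction. */
double scaled_ppm_to_ppm(long scaled)
{
    return (double)scaled / 65536.0;
}

/*
 * Read-only query. With modes = 0 nothing is adjusted, so the call needs
 * no CAP_SYS_TIME and works after privileges have been dropped.
 * Returns the clock state (TIME_OK .. TIME_ERROR) or -1 with errno set.
 */
int read_kernel_freq(double *ppm, int *status)
{
    struct timex tx;

    memset(&tx, 0, sizeof tx);
    tx.modes = 0;                     /* query only, change nothing */
    int state = ntp_adjtime(&tx);
    if (state == -1)
        return -1;
    *ppm = scaled_ppm_to_ppm(tx.freq);
    *status = tx.status;
    return state;
}

int main(void)
{
    double ppm;
    int status;
    int state = read_kernel_freq(&ppm, &status);

    if (state == -1) {
        fprintf(stderr, "ntp_adjtime: %s\n", strerror(errno));
        return 1;
    }
    /* The frequency is still reported when the clock is unsynchronized. */
    if (state == TIME_ERROR || (status & STA_UNSYNC))
        fprintf(stderr, "note: kernel clock is marked unsynchronized\n");
    printf("%.3f\n", ppm);            /* frequency offset in ppm */
    return 0;
}
```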
