On Mon, Mar 10, 2025 at 01:51:40PM +0200, Marek Zarychta wrote: > Hello List Subscirbers, > > in the past the module was loaded automatically upon NTPD server startup. > It's no longer true, now it has to be loaded earlier. > Perhaps people running stable/14 might find this message useful. > > Cheers > ....
So... I noticed this for (precisely) one of the five machines I have
that track stable/14 -- the other 4 get mac_ntpd loaded automagically as
usual.
In the failing case, it seems that
sysctl security.mac.version
yielded
sysctl: unknown oid 'security.mac.version'
which thus caused the code in /etc/rc.d/ntpd:
# Try to set up the MAC ntpd policy so ntpd can run with reduced
# privileges. Detect whether MAC is compiled into the kernel, load
# the policy module if not already present, then check whether the
# policy has been disabled via tunable or sysctl.
[ -n "$(sysctl -qn security.mac.version)" ] || return 1
sysctl -qn security.mac.ntpd >/dev/null || kldload -qn mac_ntpd ||
return 1
[ "$(sysctl -qn security.mac.ntpd.enabled)" == "1" ] || return 1
(in can_run_nonroot()) to return before the kldload can run.
As the (only) machine that exhibits the failure is the one that
acts as my Internet gateway, I am fairly reluctant to have it down
longer than necessary. :-}
(I admit that I was beginning to wonder if what I seemed to be
seeing was actually real.)
Peace,
david
--
David H. Wolfskill da...@catwhisker.org
Thank you, Claude Malhuret.
https://wickedemerald.wordpress.com/2025/03/08/speech-from-claude-malhuret/
See https://www.catwhisker.org/~david/publickey.gpg for my public key.
signature.asc
Description: PGP signature
