On May 1, 9:09am, al...@yandex.ru (Alexander Nasonov) wrote:
-- Subject: Re: /dev/clockctl, O_CLOEXEC and forking

| Christos Zoulas wrote:
| > In article <20180429192706.GA25516@neva>,
| > Alexander Nasonov <al...@yandex.ru> wrote:
| >
| > >I don't think adjtime will work because ntpd still runs as root and
| > >it can't drop to an unprivileged user before it calls chroot(2).
| >
| > Right it is the chicken and the egg problem. Your case of running it in
| > a non-dev chroot is special :-)
|
| In general, should I expect that /var/chroot can be mounted with nodev?
|
| On a quick look in my rc.d directory, only ntpd and named create nodes
| in /var/chroot/dev. I run named with nodev on one of my machines and it
| works fine.

named seems to be needing random and null... It is reasonable to run with
nodev, but it buys you little... I mean the processes run as non root in
a chroot you have created that only has the device nodes they need. It
would be hard for them to create more.

christos