Subject: Re: step-systime: EPERM
To: None <current-users@netbsd.org>
From: Elad Efrat <elad@NetBSD.org>
List: current-users
Date: 09/24/2006 15:28:29

Please try src/sys/secmodel/bsd44/secmodel_bsd44_suser.c revision 1.4

-e.

Jukka Salmi wrote:
> Hi,
>
> in case this helps:
>
> [...]
> 570 1 ntpd CALL select(0x17,0xbfbfea0c,0,0,0xbfbfea2c)
> 570 1 ntpd RET select 1
> 570 1 ntpd CALL recvfrom(0x15,0x81406fc,0x444,0,0x81405e0,0xbfbfea3c)
> 570 1 ntpd GIO fd 21 read 48 bytes
> "$\^C\a\M-l\0\0\fE\0\0\^U\M^G\M-C\M-X@\M-P\M-H\M-@\M-Gv\M-q`A\M^I\M-H\M-@\M-H\M-Y\M-+\^C\M-R\b\M-H\M-@\M-H\M-W\M^]~\
> \M-:\M-q\M-H\M-@\M-H\M-W\M^]\M^B\^A\M-M"
> 570 1 ntpd RET recvfrom 48/0x30
> 570 1 ntpd CALL recvfrom(0x15,0x8140194,0x444,0,0x8140078,0xbfbfea3c)
> 570 1 ntpd RET recvfrom -1 errno 35 Resource temporarily unavailable
> 570 1 ntpd CALL clock_gettime(0,0xbfbfe540)
> 570 1 ntpd RET clock_gettime 0
> 570 1 ntpd CALL setcontext(0xbfbfeb14)
> 570 1 ntpd RET setcontext JUSTRETURN
> 570 1 ntpd CALL __sigprocmask14(2,0xbfbfee38,0)
> 570 1 ntpd RET __sigprocmask14 0
> 570 1 ntpd CALL clock_gettime(0,0xbfbfec68)
> 570 1 ntpd RET clock_gettime 0
> 570 1 ntpd CALL clock_gettime(0,0xbfbfe7a8)
> 570 1 ntpd RET clock_gettime 0
> 570 1 ntpd CALL ioctl(4,CLOCKCTL_CLOCK_SETTIME,0xbfbfe4f4)
> 570 1 ntpd GIO fd 4 wrote 8 bytes
> "\0\0\0\0(\M-e\M-?\M-?"
> 570 1 ntpd RET ioctl -1 errno 1 Operation not permitted
> 570 1 ntpd CALL ioctl(4,_IOWR('C',0x2,0x8),0xbfbfe4f4)
> 570 1 ntpd GIO fd 4 wrote 8 bytes
> " \M-e\M-?\M-?\0\0\0\0"
> 570 1 ntpd GIO fd 4 read 8 bytes
> " \M-e\M-?\M-?\0\0\0\0"
> 570 1 ntpd RET ioctl 0
> 570 1 ntpd CALL ioctl(4,CLOCKCTL_SETTIMEOFDAY,0xbfbfe4f4)
> 570 1 ntpd GIO fd 4 wrote 8 bytes
> "\M-0\M-g\M-?\M-?\0\0\0\0"
> 570 1 ntpd RET ioctl -1 errno 1 Operation not permitted
> 570 1 ntpd CALL issetugid
> 570 1 ntpd RET issetugid 1
> 570 1 ntpd CALL issetugid
> 570 1 ntpd RET issetugid 1
> [...]
> 570 1 ntpd CALL sendto(3,0xbfbfd35c,0x44,0,0,0)
> 570 1 ntpd GIO fd 3 wrote 68 bytes
> "<27>Sep 24 11:05:29 ntpd[570]: step-systime: Operation not permitted"
> 570 1 ntpd RET sendto 68/0x44
> [...]
> 570 1 ntpd CALL sendto(3,0xbfbfd5dc,0x35,0,0,0)
> 570 1 ntpd GIO fd 3 wrote 53 bytes
> "<29>Sep 24 11:05:29 ntpd[570]: time reset -2.053619 s"
> 570 1 ntpd RET sendto 53/0x35
> 570 1 ntpd CALL timer_gettime(3,0x81359d0)
> 570 1 ntpd RET timer_gettime 0
> 570 1 ntpd CALL timer_settime(3,0,0x81359d0,0)
> 570 1 ntpd RET timer_settime 0
> 570 1 ntpd CALL ioctl(4,CLOCKCTL_NTP_ADJTIME,0xbfbfe7b4)
> 570 1 ntpd GIO fd 4 wrote 8 bytes
> " O\^S\b\0L\M-(\M-;"
> 570 1 ntpd GIO fd 4 read 8 bytes
> " O\^S\b\0L\M-(\M-;"
> 570 1 ntpd RET ioctl 0
> [...]
>
> Jukka Salmi --> current-users (2006-09-23 20:51:10 +0200):
>> Hi,
>>
>> Frank Kardel --> current-users (2006-09-23 20:11:29 +0200):
>>> you need to make sure /var/chroot/dev/clockctl exists and is accessible
>>> to the user ntpd is running under (usually user root group ntpd).
>> $ ps -axuww -p$(pgrep ntpd)
>> USER PID %CPU %MEM VSZ RSS TTY STAT STARTED TIME COMMAND
>> ntpd 596 0.0 0.4 1124 3652 ? Ss 6:21PM 0:00.15 /usr/sbin/ntpd -u ntpd:ntpd -i /var/chroot/ntpd
>>
>> $ ls -l /var/chroot/ntpd/dev/clockctl
>> crw-rw---- 1 root ntpd 89, 0 Sep 19 19:45 /var/chroot/ntpd/dev/clockctl
>>
>>> Also make sure your kernel supports pseudo-device clockctl.
>> $ strings /netbsd | sed -n '/^_CFG_.*clockctl/p' | unvis
>> _CFG_###> pseudo-device clockctl # user control of clock subsystem
>>
>> BTW:
>>
>> $ grep '^[^#]' /etc/ntp.conf
>> pidfile /var/run/ntpd.pid
>> driftfile /var/db/ntp.drift
>> logconfig -syncstatus
>> server time1
>> server time2
>>
>> This machine is running ntpd for about a year, and I've not seen this
>> `step-systime: Operation not permitted' message until I recently updated
>> the system...
>
>
> Regards, Jukka
>
--
Elad Efrat
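
The following is an added example, not part of the thread or of NetBSD: a small Python triage script for kdump-style output like the trace quoted above. It pairs each CALL with its RET and reports the clockctl ioctls that were denied with EPERM. The function names `failed_syscalls` and `clockctl_eperm` are hypothetical, and the sample lines are excerpted from the quoted trace.

```python
import re

# Lines excerpted from the kdump output quoted in the thread (payload lines omitted).
SAMPLE = """\
570 1 ntpd CALL recvfrom(0x15,0x8140194,0x444,0,0x8140078,0xbfbfea3c)
570 1 ntpd RET recvfrom -1 errno 35 Resource temporarily unavailable
570 1 ntpd CALL ioctl(4,CLOCKCTL_CLOCK_SETTIME,0xbfbfe4f4)
570 1 ntpd GIO fd 4 wrote 8 bytes
570 1 ntpd RET ioctl -1 errno 1 Operation not permitted
570 1 ntpd CALL ioctl(4,CLOCKCTL_SETTIMEOFDAY,0xbfbfe4f4)
570 1 ntpd RET ioctl -1 errno 1 Operation not permitted
570 1 ntpd CALL ioctl(4,CLOCKCTL_NTP_ADJTIME,0xbfbfe7b4)
570 1 ntpd RET ioctl 0
"""

# pid, lwp, command name, record type, remainder of the record
REC = re.compile(r"^\s*(\d+)\s+(\d+)\s+\S+\s+(CALL|RET)\s+(.*)$")
# A failed return: "<syscall> -1 errno <n> <message>"
FAIL = re.compile(r"^(\S+)\s+-1\s+errno\s+(\d+)\s*(.*)$")

def failed_syscalls(text):
    """Pair each CALL with the next RET on the same pid/lwp; return failures."""
    pending, failures = {}, []
    for raw in text.splitlines():
        m = REC.match(raw)
        if not m:
            continue  # GIO records and their payload lines
        key, kind, rest = (int(m.group(1)), int(m.group(2))), m.group(3), m.group(4)
        if kind == "CALL":
            pending[key] = rest
            continue
        call, r = pending.pop(key, None), FAIL.match(rest)
        # Skip successes and any RET whose CALL was not captured.
        if call is None or r is None or call.split("(", 1)[0] != r.group(1):
            continue
        failures.append({"pid": key[0], "call": call,
                         "errno": int(r.group(2)), "error": r.group(3)})
    return failures

def clockctl_eperm(text):
    """Failures with errno 1 (EPERM) on ioctls whose request is CLOCKCTL_*."""
    return [f for f in failed_syscalls(text)
            if f["errno"] == 1 and f["call"].startswith("ioctl(")
            and "CLOCKCTL_" in f["call"]]

if __name__ == "__main__":
    for f in clockctl_eperm(SAMPLE):
        print(f"pid {f['pid']}: {f['call']} -> errno {f['errno']} ({f['error']})")
```

On the excerpt it reports the two step requests (CLOCKCTL_CLOCK_SETTIME and CLOCKCTL_SETTIMEOFDAY) while CLOCKCTL_NTP_ADJTIME on the same descriptor succeeds, which matches the trace: the device node is reachable, and only the time-step requests are refused.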