tech-userlevel archive


Re: /dev/clockctl, O_CLOEXEC and forking



On May 1,  9:09am, alnsn%yandex.ru@localhost (Alexander Nasonov) wrote:
-- Subject: Re: /dev/clockctl, O_CLOEXEC and forking

| Christos Zoulas wrote:
| > In article <20180429192706.GA25516@neva>,
| > Alexander Nasonov  <alnsn%yandex.ru@localhost> wrote:
| > 
| > >I don't think adjtime will work because ntpd still runs as root and
| > >it can't drop to an unprivileged user before it calls chroot(2).
| > 
| > Right it is the chicken and the egg problem. Your case of running it in
| > a non-dev chroot is special :-)
| 
| In general, should I expect that /var/chroot can be mounted with nodev?
| 
| On a quick look in my rc.d directory, only ntpd and named create nodes
| in /var/chroot/dev. I run named with nodev on one of my machines and it
| works fine.

named seems to be needing random and null... It is reasonable to run
with nodev, but it buys you little... I mean the processes run as
non-root in a chroot you have created that only has the device nodes they
need. It would be hard for them to create more.

christos

