From nobody Fri Jun 28 16:55:27 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4W9hQR2GqCz5Nt8k; Fri, 28 Jun 2024 16:55:43 +0000 (UTC) (envelope-from oshogbo.vx@gmail.com) Received: from mail-oa1-f46.google.com (mail-oa1-f46.google.com [209.85.160.46]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4W9hQR0c34z4dDN; Fri, 28 Jun 2024 16:55:43 +0000 (UTC) (envelope-from oshogbo.vx@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-oa1-f46.google.com with SMTP id 586e51a60fabf-25075f3f472so74019fac.2; Fri, 28 Jun 2024 09:55:43 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1719593742; x=1720198542; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=RlDHjKxrUjaTpn9IS6v4rPUNQqJzo9XCA6lX+DEHoWc=; b=vdgP65SSd7P7qxZ8N2368MqOddwS9Sqru6kmrRPrR5bZbTszGvZf5BtbPJuQDHqweX mb/5Z4GVZOI6cax1IAehpQK9QAJPsgC5DkNReBILvyPA14RQNzpxmFK3xfpYxqA9UEbZ 1mTp1vf+dCmuSlxChEYu1UjPQn/I8pBpOlWTnDo5kGlebI2Ab+iCB6ZCWReYMm/cTyiW Rz6P53Ti4a5uv2doUdlz3+SNPsFoUHp9MA1T7RZTidKRGmPieQ0qDm4Qezi2ic0XLnZI 0M0UCF2V1wvad8iGRiyMQTlueoj6jN6ST8jZ+ohQLxrD5hEOvfcurShC2LeNcdYUefKL ZPPQ== X-Forwarded-Encrypted: i=1; AJvYcCXqEjK+BR0LcfRYhhMeS16XNF8PRKhTFXm8kPuRr1ZempPql/Nr/UHpjtnSxkZYDGwbBSXFWIo0oAt4kGU8G4EHIJXLLSGqNq/ALb0jbgn439Fjyx4FfeiNfOkEuI2h8fWCqrNV2R6Qm90HUyw= X-Gm-Message-State: AOJu0YzDT3Vn8bYDiJhGL97zg4lTTQqlH6S53aPC4QZu8A8eaedwNskl 8Fhv94IOiCaWuMrd5GF69gOwN9o/nc8sdEkRHrVe7R6d1Ui44x/8PzqcO41pk/VEPtFai+9i0r3 SvRugJAJ6OmUq73REzH98xUNJWurN4ulj X-Google-Smtp-Source: AGHT+IHQZNo1+qSHsbGYNbHtwTYaxu0VAh3/hNmPwpt45LsSucvXlseSloFOVtFAnuJl58j2Th5n5DnmvoS4QNVr+Qc= X-Received: by 2002:a05:6871:293:b0:254:d417:351f with SMTP id 586e51a60fabf-25ceff4a66amr18811491fac.1.1719593741618; Fri, 28 Jun 2024 09:55:41 -0700 (PDT) List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 References: <202406281025.45SAPLcL092196@gitrepo.freebsd.org> <748b26fecd710a15fb114d69d443da2f@Leidinger.net> In-Reply-To: <748b26fecd710a15fb114d69d443da2f@Leidinger.net> From: Mariusz Zaborski Date: Fri, 28 Jun 2024 18:55:27 +0200 Message-ID: Subject: Re: git: d3bb35d4e51b - main - jail: allow adjustment of host time To: Alexander Leidinger Cc: dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org, src-committers@freebsd.org Content-Type: multipart/alternative; boundary="000000000000209794061bf61e43" X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; TAGGED_FROM(0.00)[] X-Rspamd-Queue-Id: 4W9hQR0c34z4dDN --000000000000209794061bf61e43 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable W dniu pt., 28.06.2024 o 15:35 Alexander Leidinger napisa=C5=82(a): > Am 2024-06-28 12:25, schrieb Mariusz Zaborski: > > The branch main has been updated by oshogbo: > > > > URL: > > > https://cgit.FreeBSD.org/src/commit/?id=3Dd3bb35d4e51b06488b731071e7841f5= 49bd5d26f > > > > commit d3bb35d4e51b06488b731071e7841f549bd5d26f > > Author: Mariusz Zaborski > > AuthorDate: 2024-06-28 10:23:31 +0000 > > Commit: Mariusz Zaborski > > CommitDate: 2024-06-28 10:23:31 +0000 > > > > jail: allow adjustment of host time > > > > Add a special permission to the jail to adjust and to set the host > > time. > > This can be useful if we want to compartmentalize the NTP daemon > > from the rest of the system. > > Do you plan to add a setting to service jails (rc.subr + > rc.conf-man-page) for this, e.g. > ---snip--- > case "$_svcj_option" in > chtime) > _svcj_cmd_options=3D"allow.adjti= me > allow.settime ${_svcj_cmd_options}" > ;; > ---snip--- > and change the ntpd start script to use it (removing ntpd_svcj=3D"NO" and > adding ntpd_svcj_options=3D"net_basic chtime" ... maybe net_raw is needed > too, TBD)? > > Like this ntpd could be compartmentalized with "sysrc ntpd_svcj=3DYES". > Hello, Yes, I'm going to follow up. Thanks, Mariusz > Bye, > Alexander. > > -- > http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF > http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF > --000000000000209794061bf61e43 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


W dniu pt., 28.06.2024 o 15:35 Alexander Leidinger <Alexander@leidinger.net> napi= sa=C5=82(a):
Am 2024-06-28 12:25, schrieb Mariusz= Zaborski:
> The branch main has been updated by oshogbo:
>
> URL:
> https://cgit.= FreeBSD.org/src/commit/?id=3Dd3bb35d4e51b06488b731071e7841f549bd5d26f >
> commit d3bb35d4e51b06488b731071e7841f549bd5d26f
> Author:=C2=A0 =C2=A0 =C2=A0Mariusz Zaborski <oshogbo@FreeBSD.org>= ;
> AuthorDate: 2024-06-28 10:23:31 +0000
> Commit:=C2=A0 =C2=A0 =C2=A0Mariusz Zaborski <oshogbo@FreeBSD.org>= ;
> CommitDate: 2024-06-28 10:23:31 +0000
>
>=C2=A0 =C2=A0 =C2=A0jail: allow adjustment of host time
>
>=C2=A0 =C2=A0 =C2=A0Add a special permission to the jail to adjust and = to set the host
> time.
>=C2=A0 =C2=A0 =C2=A0This can be useful if we want to compartmentalize t= he NTP daemon
>=C2=A0 =C2=A0 =C2=A0from the rest of the system.

Do you plan to add a setting to service jails (rc.subr +
rc.conf-man-page) for this, e.g.
---snip---
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0case "$_svcj_option" in
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0chtime)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0_s= vcj_cmd_options=3D"allow.adjtime
allow.settime ${_svcj_cmd_options}"
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0;;=
---snip---
and change the ntpd start script to use it (removing ntpd_svcj=3D"NO&q= uot; and
adding ntpd_svcj_options=3D"net_basic chtime" ... maybe net_raw i= s needed
too, TBD)?

Like this ntpd could be compartmentalized with "sysrc ntpd_svcj=3DYES&= quot;.

Hello,=C2=A0

Yes, I= 9;m going to follow up.

= Thanks,
Mariusz


Bye,
Alexander.

--
h= ttp://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF=
htt= p://www.FreeBSD.org=C2=A0 =C2=A0 netchild@FreeBSD.org=C2=A0 : PGP 0x8F3= 1830F9F2772BF
--000000000000209794061bf61e43--