
Hi

How can we compile the Linux kernel with CONFIG_SECURITY_CAPABILITIES=y?

Also, what does this flag do?

Trying to run ntpd in non-root mode.

~cheers


The ntpd daemon needs to be able to set the hardware clock, and it can't do that without root permissions.

What kernel are you running? I'm looking at my RHEL 6.2 system (latest 2.6.32 kernel) and there is no such configuration setting. What I have similar to that is as follows:

# CONFIG_SECURITY_DMESG_RESTRICT is not set
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_NETWORK_XFRM=y
# CONFIG_SECURITY_PATH is not set
CONFIG_SECURITY_FILE_CAPABILITIES=y
# CONFIG_SECURITY_ROOTPLUG is not set
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set

Edited by rubberman

I'm using 2.6.24 (mandatory, can't change it).

There sure is this option of CONFIG_SECURITY_CAPABILITIES=y.

There has to be a way that ntpd works in non-root mode.

I'm sure there is a concept called Linux capabilities. We can drop them and alter the omnipotence of the superuser.

I am just having a hard time looking things up on the web.

~cheers

2.6.24 eh? Must be Debian Etch. I'll have to dig up my kernel sources for that - they are on a drive currently off-line, so it will probably be next week before I can get back to you about that (going away for the weekend). I use it for an ARM development board I have. In any case, doing that can be very dangerous - caveat programmer! If this is (as is likely) an embedded system and you lock down remote access to it properly, it may not matter, but that is just an observation.
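
One way to check that a running ntpd has given up root while keeping the ability to set the clock, as an added example that is not part of the original thread: it decodes the capability masks reported in /proc/<pid>/status. The allowed set (CAP_SYS_TIME plus CAP_NET_BIND_SERVICE) and the sample status text are assumptions constructed for illustration.

```python
# Added example: decode the capability masks that /proc/<pid>/status reports.
import re

# Bit numbers from <linux/capability.h>; only the ones this check names.
CAP_NAMES = {0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 6: "CAP_SETGID", 7: "CAP_SETUID",
             10: "CAP_NET_BIND_SERVICE", 21: "CAP_SYS_ADMIN", 25: "CAP_SYS_TIME"}
# Assumption: a time daemon needs to set the clock and bind UDP port 123.
ALLOWED = {"CAP_SYS_TIME", "CAP_NET_BIND_SERVICE"}

def decode_caps(hex_mask):
    """Turn a CapEff/CapPrm hex string into a set of capability names."""
    mask = int(hex_mask, 16)
    return {CAP_NAMES.get(bit, "CAP_%d" % bit)
            for bit in range(mask.bit_length()) if mask >> bit & 1}

def parse_status(text):
    """Extract effective UID and capability sets from /proc/<pid>/status text."""
    fields = dict(re.findall(r"^(\w+):[ \t]*(.*)$", text, re.M))
    return {
        "name": fields["Name"],
        "euid": int(fields["Uid"].split()[1]),  # order: real, effective, saved, fs
        "effective": decode_caps(fields["CapEff"]),
        "permitted": decode_caps(fields["CapPrm"]),
    }

def audit(text):
    """Return a list of findings; an empty list means the drop looks right."""
    st = parse_status(text)
    findings = []
    if st["euid"] == 0:
        findings.append("still running with effective UID 0")
    if "CAP_SYS_TIME" not in st["effective"]:
        findings.append("CAP_SYS_TIME missing: cannot set the clock")
    extra = (st["effective"] | st["permitted"]) - ALLOWED
    if extra:
        findings.append("unneeded capabilities: " + ", ".join(sorted(extra)))
    return findings

# Constructed samples, not captured from a real system.
DROPPED = "Name:\tntpd\nUid:\t123\t123\t123\t123\nCapPrm:\t0000000002000400\nCapEff:\t0000000002000400\n"
ROOT = "Name:\tntpd\nUid:\t0\t0\t0\t0\nCapPrm:\t0000003fffffffff\nCapEff:\t0000003fffffffff\n"

if __name__ == "__main__":
    for sample in (DROPPED, ROOT):
        print(parse_status(sample)["name"], audit(sample) or "ok")
```

On a live system, pass the contents of /proc/<pid>/status for the daemon's process to `audit()` in place of the constructed samples.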
