Date: Sat, 29 Sep 2018 10:55:18 +0200
From: Andrea Venturoli <ml@netfence.it>
To: freebsd-questions@freebsd.org, doug@fledge.watson.org
Subject: Re: Starting ntpd in a jail
Message-ID: <f4228ae2-7950-a25a-9f95-436fa14e16e1@netfence.it>
In-Reply-To: <alpine.BSF.2.20.1809281125360.39669@fledge.watson.org>
References: <8a138f2e-11d4-d890-c28d-72717a9eed3a@netfence.it> <dc35e5fe09ae5358576089b49954bd69@dweimer.net> <alpine.BSF.2.20.1809281125360.39669@fledge.watson.org>

On 9/28/18 5:41 PM, doug@safeport.com wrote:

> I am missing something here. The jail shares the kernel. Unless you want
> the jail to be in a different time zone than the kernel, why run ntp in
> a jail? It is interesting that even works.

Two cases at least:

A) you have multiple AD domains, so you have two Samba AD DCs, running
in two jails. You'll need two ntpd instances with two different
"ntpdsigndsocket" parameters.

B) for security, you don't want clients to mess with base's ntpd, whose
only task will be to set the host time. A second ntpd in a jail (which
of course cannot modify the host time) can serve untrusted clients, so
if it gets compromised it will only affect that jail.

 bye
	av.