From owner-freebsd-questions@freebsd.org Thu Jul 30 20:45:15 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E85AE3AE7C3 for ; Thu, 30 Jul 2020 20:45:15 +0000 (UTC) (envelope-from jon@radel.com) Received: from radel.com (fly.radel.com [70.184.242.170]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.radel.com", Issuer "GoGetSSL RSA DV CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BHj8q0BW3z3fJ2 for ; Thu, 30 Jul 2020 20:45:14 +0000 (UTC) (envelope-from jon@radel.com) X-CGP-ClamAV-Result: CLEAN X-VirusScanner: Niversoft's CGPClamav Helper v1.19.2 (ClamAV engine v0.99.2) X-ExtFilter: Niversoft's DomainKeys Helper DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; d=radel.com; s=20170108.radel; h=Subject:To:References:From:Message-ID:Date:User-Agent: MIME-Version:In-Reply-To:Content-Type; b=IOAU8yAMLYjetER3mMs80/iBR4YMplyPw71m+kY1ywnfha2plOGDZrzV5JWDVZB8K6 fPnw8/7GRmXGToO6VMrflCUnWFyLyPNZJlTiRxBxJTneMzVIZMMi4QiJjK52HnEFYF8h in8VZMJYdOioMu+ICpBrhkEEIr/e6DY/DT4ja9kv/ickqiGfHTkQwI+z8zgAO0v9P2Zx D42mX/0vr//vOM+4W1n1Xnd7GusTQhzBfXJ6CuiJ9b0zfKptutMH7FikJGYzxfmaN4F0 FmULpNaclww3w3CImVCwraL2qeIG4/mNqeBGs1v2oIJKSfQXRsT/3WAvlPsynah7K5gX yg8A== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=radel.com; s=20170108.radel; t=1596141908; x=1596746708; q=dns/txt; h=Subject:To:References:From:Message-ID:Date: User-Agent:MIME-Version:In-Reply-To:Content-Type; bh=93xhwFoeLkl k9OsPQd74Xu+clojFnhQzHj0vS3YGmOU=; b=j2bgCMCandMmQSR76fKd4ul5VcZ IcL/0i2hrk2CbIDjabIoSufT2stELiTNcBPboJLzGfFhG+l7QmzE46YgUqrU7QFC bY5TPnuXRtjuOr7ACH4nkqtBFvYFpKDTCX3bKlQBS2SHp1GPsTSyh7pSvz9CeQRc Chz7EcxDdadzlRJGgeqH/cZeVWp1pl+5K5wqPmXueDujOsVMZG78+Fq0iTD7IXNW iXQfK3WJGo7PIwRKGU+fsU4R/84V+xzzCzaMegOJS/G3NCKo5NaLt33/aLmb5v/y WjlppSKwT5BfsLl1D+yXkC9JEdrgOVyGwZaSz1ZdS+5mCjHneTDZ09/PZ8Q== Received: from [2001:470:880a:4389:d46b:2d8f:651f:5940] (account jon@radel.com HELO haralson.local) by radel.com (CommuniGate Pro SMTP 6.1.14 _community_) with ESMTPSA id 2200216 for freebsd-questions@freebsd.org; Thu, 30 Jul 2020 20:45:08 +0000 Subject: Re: Q. ntp pseudo service in a jail To: freebsd-questions@freebsd.org References: <62693624b2f310cc9683ed6b05d246b6.squirrel@webmail.harte-lyne.ca> From: Jon Radel Message-ID: Date: Thu, 30 Jul 2020 16:45:07 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <62693624b2f310cc9683ed6b05d246b6.squirrel@webmail.harte-lyne.ca> Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms040801030606040101010007" X-Rspamd-Queue-Id: 4BHj8q0BW3z3fJ2 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=radel.com header.s=20170108.radel header.b=j2bgCMCa; dmarc=pass (policy=none) header.from=radel.com; spf=pass (mx1.freebsd.org: domain of jon@radel.com designates 70.184.242.170 as permitted sender) smtp.mailfrom=jon@radel.com X-Spamd-Result: default: False [-4.03 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[radel.com:s=20170108.radel]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; SIGNED_SMIME(-2.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:70.184.242.160/28]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; HAS_ATTACHMENT(0.00)[]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.004]; HFILTER_HELO_IP_A(1.00)[radel.com]; NEURAL_SPAM_SHORT(0.08)[0.082]; DKIM_TRACE(0.00)[radel.com:+]; DMARC_POLICY_ALLOW(-0.50)[radel.com,none]; NEURAL_HAM_MEDIUM(-1.01)[-1.006]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:22773, ipnet:70.184.240.0/21, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Jul 2020 20:45:16 -0000 This is a cryptographically signed message in MIME format. --------------ms040801030606040101010007 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Content-Language: en-US On 7/30/20 16:03, James B. Byrne via freebsd-questions wrote: > I need a jail to provide responses to ntp queries. I do not need (or w= ant) the > jail to adjust the system time. I just need it to provide whatever tim= e the > host OS has whenever it is queried. Can this requirement be met? > > > You can probably do what you want with the reference ntpd code if you set it up to have only a LOCAL driver.=C2=A0 This takes the system clock = as the source of truth. See http://doc.ntp.org/4.2.0/drivers/driver1.html If you prefer ntpsec, see https://docs.ntpsec.org/latest/prefer.html for a few further thoughts on using LOCAL with that daemon. Make sure to set a really high stratum with fudge so that people don't have to hate on you if you leak the quite possibly crap time further than you expect. --=20 --Jon Radel jon@radel.com --------------ms040801030606040101010007 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC C9owggXmMIIDzqADAgECAhBqm+E4O/8ra58B1dm4p1JWMA0GCSqGSIb3DQEBDAUAMIGFMQsw CQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxm b3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBD ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMzAxMTAwMDAwMDBaFw0yODAxMDkyMzU5NTla MIGXMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQH EwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE9MDsGA1UEAxM0Q09NT0RP IFJTQSBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAL6znlesKHZ1QBbHOAOY08YYdiFQ8yV5C0y1oNF9 Olg+nKcxLqf2NHbZhGra0D00SOTq9bus3/mxgUsg/Wh/eXQ0pnp8tZ8XZWAnlyKMpjL+qUBy RjXCA6RQyDMqVaVUkbIr5SU0RDX/kSsKwer3H1pT/HUrBN0X8sKtPTdGX8XAWt/VdMLBrZBl gvnkCos+KQWWCo63OTTqRvaq8aWccm+KOMjTcE6s2mj6RkalweyDI7X+7U5lNo6jzC8RTXtV V4/Vwdax720YpMPJQaDaElmOupyTf1Qib+cpukNJnQmwygjD8m046DQkLnpXNCAGjuJy1F5N ATksUsbfJAr7FLUCAwEAAaOCATwwggE4MB8GA1UdIwQYMBaAFLuvfgI9+qbxPISOre44mOzZ MjLUMB0GA1UdDgQWBBSCr2yM+MX+lmF86B89K3FIXsSLwDAOBgNVHQ8BAf8EBAMCAYYwEgYD VR0TAQH/BAgwBgEB/wIBADARBgNVHSAECjAIMAYGBFUdIAAwTAYDVR0fBEUwQzBBoD+gPYY7 aHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2VydGlmaWNhdGlvbkF1dGhvcml0 eS5jcmwwcQYIKwYBBQUHAQEEZTBjMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LmNvbW9kb2Nh LmNvbS9DT01PRE9SU0FBZGRUcnVzdENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Au Y29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUAA4ICAQB4XLKBKDRPPO5fVs6fl1bsj6JrF/bz 9kkIBtTYLzXN30D+03Hj6OxCDBEaIeNmsBhrJmuubvyE7HtoSmR809AgcYboW+rcTNZ/8u/H v+GTrNI/AhqX2/kiQNxmgUPt/eJPs92Qclj0HnVyy9TnSvGkSDU7I5Px+TbO+88G4zipA2ps ZaWeEykgzClZlPz1FjTCkk77ZXp5cQYYexE6zeeN4/0OqqoAloFrjAF4o50YJafX8mnahjp3 I2Y2mkjhk0xQfhNqbzlLWPoT3m7j7U26u7zg6swjOq8hITYc3/np5tM5aVyu6t99p17bTbY7 +1RTWBviN9YJzK8HxzObXYWBf/L+VGOYNsQDTxAk0Hbvb1j6KjUhg7fO294F29QIhhmiNOr8 4JHoy+fNLpfvYc/Q9EtFOI5ISYgOxLk3nD/whbUe9rmEQXLp8MB933Ij474gwwCPUpwv9mj2 PMnXoc7mbrS22XUSeTwxCTP9bcmUdp4jmIoWfhQm7X9w/Zgddg+JZ/YnIHOwsGsaTUgj7fIv xqith7DoJC91WJ8Lce3CVJqb1XWeKIJ84F7YLXZN0oa7TktYgDdmQVxYkZo1c5noaDKH9Oq9 cbm/vOYRUM1cWcef20Wkyk5S/GFyyPJwG0fR1nRas3DqAf4cXxMiEKcff7PNa4M3RGTqH0pW R8p6EjCCBewwggTUoAMCAQICEHQDryTAYaEsgncP8aGW6o4wDQYJKoZIhvcNAQELBQAwgZcx CzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1Nh bGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMT0wOwYDVQQDEzRDT01PRE8gUlNB IENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBMB4XDTE4MDMwNDAw MDAwMFoXDTIxMDMwMzIzNTk1OVowgfoxCzAJBgNVBAYTAlVTMQ4wDAYDVQQREwUyMjE1MDEL MAkGA1UECBMCVkExFDASBgNVBAcTC1NwcmluZ2ZpZWxkMRowGAYDVQQJExE2OTE3IFJpZGdl d2F5IERyLjEVMBMGA1UEChMMSm9uIFQuIFJhZGVsMTIwMAYDVQQLEylJc3N1ZWQgdGhyb3Vn aCBKb24gVC4gUmFkZWwgRS1QS0kgTWFuYWdlcjEfMB0GA1UECxMWQ29ycG9yYXRlIFNlY3Vy ZSBFbWFpbDESMBAGA1UEAxMJSm9uIFJhZGVsMRwwGgYJKoZIhvcNAQkBFg1qb25AcmFkZWwu Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtK/dFQxMTnVPcP1TI09m30v8 rSG/VWSFWfFvu/2jzPkNL+ivx6A4LNUbqw4CS73GIKcbp8IrpNQz2oQV6mTv+KVJzJMf8GjA y8EzZjhc2tAXL+Q57omCTuAc6cw2KDYFL0aNWX4CEe/LqfoBDKpJF7HCrwwus55+tTEkAY8j tRkQRMHf47YQVJjD/4pdC/h+7jjI0oSgh1npT7Q3K47g6IkVzjhiH8LCsCSVYaLzRZfgcl3s 0GLE858PV/84l5d/hUVD0u9J2EdKpf+hnFqZnA3qw9R0xFQIE6yOkUvhALw1zxXaiGj0047a gBE2Bhv2UIlj6Q0zPa5kRYDy9vBI6QIDAQABo4IBzTCCAckwHwYDVR0jBBgwFoAUgq9sjPjF /pZhfOgfPStxSF7Ei8AwHQYDVR0OBBYEFHS/Ewun4pYC9Lla5kkmj4zo7tKcMA4GA1UdDwEB /wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMEBggrBgEFBQcDAjBG BgNVHSAEPzA9MDsGDCsGAQQBsjEBAgEDBTArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3Vy ZS5jb21vZG8ubmV0L0NQUzBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLmNvbW9kb2Nh LmNvbS9DT01PRE9SU0FDbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3Js MIGLBggrBgEFBQcBAQR/MH0wVQYIKwYBBQUHMAKGSWh0dHA6Ly9jcnQuY29tb2RvY2EuY29t L0NPTU9ET1JTQUNsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcnQwJAYI KwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTAYBgNVHREEETAPgQ1qb25AcmFk ZWwuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBUNLBptNFZRBkOUPOCI9TPM6QauLK6jojtbxZO XWvZfKvq8ukWUZTPtaDS5UjsMhlxLf/Crv8HkiVXSzC36cVQyjNjl1u+u/Sbl/6q/TfQk+aK 5jzDd4onQVzlfE33ymtZJgh+4dMPWKuXjRS0OyMLzv3mYCvFO83l1G9rBiaCEfFJHKgVGY1z 3ZU/gsPCQ2a0xf3908lwl5H3SPB3ZzLWDf41o5zV70HXfsgP862KzxU9t46XBGZ8TRl/5fl+ Xj2KQdpyWlNZUS00/UHznxeFO5+bkNaOg24BjwfBOWi0D47CE+6BRWvtrmgciWxefUuYeeIy Qr58KK8DlBCkVF06MYIENTCCBDECAQEwgawwgZcxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJH cmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBD QSBMaW1pdGVkMT0wOwYDVQQDEzRDT01PRE8gUlNBIENsaWVudCBBdXRoZW50aWNhdGlvbiBh bmQgU2VjdXJlIEVtYWlsIENBAhB0A68kwGGhLIJ3D/GhluqOMA0GCWCGSAFlAwQCAQUAoIIC WTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMDA3MzAyMDQ1 MDdaMC8GCSqGSIb3DQEJBDEiBCD7wEVQjCpVk6QtlpfpKcDoCs+epuwPvE0ggf+zF69ZwjBs BgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcw DgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEo MIG9BgkrBgEEAYI3EAQxga8wgawwgZcxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVy IE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1p dGVkMT0wOwYDVQQDEzRDT01PRE8gUlNBIENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2Vj dXJlIEVtYWlsIENBAhB0A68kwGGhLIJ3D/GhluqOMIG/BgsqhkiG9w0BCRACCzGBr6CBrDCB lzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMH U2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPTA7BgNVBAMTNENPTU9ETyBS U0EgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEHQDryTAYaEs gncP8aGW6o4wDQYJKoZIhvcNAQEBBQAEggEAl7Btl/hAWBpThZZJxPu1Wctkf9h5Fj9tFfQ4 NZNR7geIYa2U2CsUEVjkxZzqyHs5DEeD/OrEbiSjjRKGCcBH8BXQ8863NGXTZa0VZAcO/y9K oMJqxKkP1mfwvVq7DDtewVuwFNTpXmQGyNlLjC1syAl7ZrUBoDbKoZEbqc+6HFRKqlE8Ge30 dmUtpaMUGqkluuayLmQn3zCSTyhYcp2iz1AYtSamY/kv5QEU8yGGYoMFwXTTeLBZpHr52DVh 7dZL1M8cF2VPQZAQLiH+i6SQMSK28yCs3cCJOjKTTlTskeztynbnf5cK5Sb2WlnCTsmd6ZUP /0x8RAy5YW3Cn+nXGAAAAAAAAA== --------------ms040801030606040101010007--