How do I run NTP in a privileged Container?

charlie101 · January 1, 2023, 3:25am

Hi and Happy new year.

I’m trying to run ntp in a container and I do want it to set the system clock rather than just using local time. I have issued the command: set NTPContainer security.privileged true.

When I start the container and check the journal I see the error:

set_freq: ntp_loopfilter.c line 1092: ntp_adjtime: Operation not permitted
Dec 28 02:42:32 S-NTP ntpd[352]: step-systime: Operation not permitted.

I assume I need to set some specific privileges somewhere but don’t know where.

Versions:
OS: “Ubuntu 20.04.3 LTS”
Container "Debian 11
NTP: “1:4.2.8p15+dfsg-1 amd64”

Thanks in advance for any advice.

charlie101

amikhalitsyn · January 1, 2023, 9:22pm

Hello @charlie101

It’s forbidden to modify system time even for privileged containers [ kernel checks for capable(CAP_SYS_TIME) ].

charlie101 · January 1, 2023, 11:08pm

Hi Aleksandr

Thank you for your reply.
So can I just check I’ve got this straight. Are you saying there simply is no way to do it; no lxd setting or kernel settings that is going to make this possible?

Thanks again.

amikhalitsyn · January 2, 2023, 10:27am

Unfortunately, there is no way to achieve this, that’s kernel limitation, and at this point, the kernel is not providing us with any options. The kernel supports time namespaces, but time namespaces are about monotonic time and boot time clocks, and not about realtime clock.

charlie101 · January 2, 2023, 7:57pm

Thank you very much for clarifying that. You’ve probably saved me a great deal of time researching only to reach a dead end.
Very useful!