Bug #5845


NTP in non-global zone

Added by Jonathan Adams almost 8 years ago. Updated over 7 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:


I recently tried to set up ntp in a non-global zone with private networking.

The global zone only has access to the internal network, the "router zone" has access to the internet and a private network, other zones talk to that private network, but not directly to the internet ...

anyway, following this blog:

I added the "sys_time" privilege to the zone, and rebooted, but NTP still wouldn't work, because the NTP startup script (/lib/svc/method/ntp) has a check to see if it is running in the global zone, which it doesn't need:

smf_is_globalzone || exit $SMF_EXIT_OK

I modified the script, commenting out the line and NTP is working happily.

I noticed that before I added the privilege to the zone I was getting messages like "setppriv: Not owner" in the log file for the NTP startup script, meaning I wasn't sure if we even need the global-zone check, however it might be better to have the script structured like:

ppriv -v $$ | grep 'E: .*sys_time' > /dev/null 2>&1
if [[ $? > 0 ]]; then
        smf_is_globalzone || exit $SMF_EXIT_OK

Related issues

Has duplicate OpenIndiana Distribution - Bug #5846: NTP in non-global zoneRejected2015-04-16

Actions #1

Updated by Yuri Pankov almost 8 years ago

service/network/ntp isn't part of illumos-gate, please file an issue against distribution you are using.

Actions #2

Updated by Jonathan Adams almost 8 years ago

damn, it was so hard to find the "Create Issue" button I'd failed to noticed I wasn't in "Indiana" any more ...

Should I create a new bug since I'm assuming you can't move bugs to different areas?

Actions #3

Updated by Marcel Telka almost 8 years ago

  • Project changed from illumos gate to OpenIndiana Distribution
Actions #4

Updated by Marcel Telka almost 8 years ago

  • Has duplicate Bug #5846: NTP in non-global zone added
Actions #5

Updated by Alexander Pyhalov almost 8 years ago

Can't reproduce on rather fresh Hipster:

# zlogin external pkg list osnet-incorporation ntp
NAME (PUBLISHER)                                  VERSION                    IFO
consolidation/osnet/osnet-incorporation           0.5.11-2015.0.0.14982      i--
service/network/ntp                              i--

# zonecfg -z external set limitpriv="default,sys_time" 
# zoneadm -z external reboot
# zlogin external

external# echo "server my.ntp.server" > /etc/inet/ntp.conf
external# svcadm enable ntp
external# svcs ntp
STATE          STIME    FMRI
online         23:01:11 svc:/network/ntp:default

Actions #6

Updated by Nikola M. over 7 years ago

Please be advised to include release number (Hipster lacks release numbers still),
BE date when it is installed/updated and/or illumos release string,
to help identify point in time when bug and testing is reported.

Without pointing in time when and by naming what Openindiana is used, it can not be tracked wither when bug started to appear or stopped to be a bug.


Also available in: Atom PDF