It seems like chronyd doesn't work in lxc containers. The containers running are not unprivileged. The following is showing up with systemd:

● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: inactive (dead)
Condition: start condition failed at Fri 2021-02-05 15:12:48 CET; 3s ago
           └─ ConditionCapability=CAP_SYS_TIME was not met
     Docs: man:chronyd(8)
           man:chrony.conf(5)

I would really like to manage the time inside the lxc's not with the host, because it's a lxc cluster and I don't want to mess with the cluster's time. Has somebody already found a workaround for this?

Lorem ipsum
  • There is no difference. The containers all use the host clock as that is the only clock. You need to rethink your approach to whatever you were trying to do. – Michael Hampton Feb 05 '21 at 14:22
  • Agreed, you want the cluster to use ntp to always be in sync, and the containers will be in sync by themselves. – Fredrik Feb 06 '21 at 09:34

1 Answer

Editing chronyd.service and adding -x, like so:

ExecStart=/usr/sbin/chronyd -x $OPTIONS

would allow chronyd to start in a container, however it won’t actually manage the system clock.

From the manpage:

-x

This option disables the control of the system clock. chronyd will not try to make any adjustments of the clock. It will assume the clock is free running and still track its offset and frequency relative to the estimated true time. This option allows chronyd to be started without the capability to adjust or set the system clock (e.g. in some containers) to operate as an NTP server.

fission
galaga
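
A way to confirm what the failed start condition in the question is reporting, as an added example that is not part of the original question or answer: systemd's ConditionCapability= tests the capability bounding set of the service manager, which the kernel exposes as CapBnd in /proc/1/status. The function names and the two sample status excerpts are constructed for illustration; CAP_SYS_TIME is capability number 25.

```shell
#!/bin/sh
# Added example: check whether CAP_SYS_TIME is in the bounding set of PID 1,
# which is what "ConditionCapability=CAP_SYS_TIME" evaluates.

CAP_SYS_TIME_BIT=25   # capability number of CAP_SYS_TIME in linux/capability.h

# Read /proc/<pid>/status text on stdin and print the CapBnd hex mask.
capbnd_from_status() {
    awk '$1 == "CapBnd:" { print $2; exit }'
}

# has_cap_sys_time HEXMASK: succeed if bit 25 is set in the mask.
has_cap_sys_time() {
    cap_value=$(( 0x$1 ))
    [ $(( (cap_value >> CAP_SYS_TIME_BIT) & 1 )) -eq 1 ]
}

# cap_sys_time_state STATUS_TEXT: print "present", "missing" or "unknown".
# Always returns 0 so it is safe to call under "set -e".
cap_sys_time_state() {
    bnd_mask=$(printf '%s\n' "$1" | capbnd_from_status)
    if [ -z "$bnd_mask" ]; then
        echo "unknown"
    elif has_cap_sys_time "$bnd_mask"; then
        echo "present"
    else
        echo "missing"
    fi
}

# Constructed sample excerpts (not captured from a real system):
# a full bounding set, and one with only bit 25 cleared.
SAMPLE_FULL="Name:	systemd
CapBnd:	000001ffffffffff"
SAMPLE_DROPPED="Name:	systemd
CapBnd:	000001fffdffffff"

echo "sample, full set:      $(cap_sys_time_state "$SAMPLE_FULL")"
echo "sample, sys_time gone: $(cap_sys_time_state "$SAMPLE_DROPPED")"

# On a live Linux system, inspect the real service manager.
if [ -r /proc/1/status ]; then
    echo "this system (PID 1):   $(cap_sys_time_state "$(cat /proc/1/status)")"
fi
```

A result of "missing" inside the container matches the "ConditionCapability=CAP_SYS_TIME was not met" line in the status output above.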