I would like to configure the ntp daemon inside a chroot environment. The OS I am using is Debian 9.1, kernel 3.16.0-4-686-pae

The service runs as: /usr/sbin/ntpd -p /var/run/ntpd.pid -i /var/chroot/ntp -u ntp:ntp -l /var/log/ntpd.log

The problems I face are:

1) The ntp daemon can't resolve DNS names, but it's working as expected with IP addresses. Am I missing any special files inside the chroot path?

ntpd[2936]: retrying DNS 1.gr.pool.ntp.org: Name or service not known (-2)
ntpd[2936]: retrying DNS 1.europe.pool.ntp.org: Name or service not known (-2)
ntpd[2936]: retrying DNS 0.europe.pool.ntp.org: Name or service not known (-2)
ntpd[2936]: retrying DNS 0.gr.pool.ntp.org: Name or service not known (-2)
ntpd[2936]: retrying DNS 0.pool.ntp.org: Name or service not known (-2)
ntpd[2936]: retrying DNS 1.pool.ntp.org: Name or service not known (-2)
ntpd[2936]: retrying DNS 2.pool.ntp.org: Name or service not known (-2)
ntpd[2936]: retrying DNS 3.pool.ntp.org: Name or service not known (-2)

2) Although the ntp server starts with "-i /var/chroot/ntp", not all paths inside ntpd.conf are relative to this directory. For example:

ntp.conf:

driftfile var/lib/ntp/ntp.drift

logfile /var/chroot/ntp/var/log/ntpd.log

Log file requires the whole path; should ntpd be able to access files outside the chroot dir?

Tero Kilkanen
amprantino

2 Answers

When running software inside a chroot, one needs to install essential system libraries and settings inside the chroot for the software to run correctly. For example, linked libraries need to be in chroot. One can use ldd -v to show which libraries a particular application uses.

If you run chroot so that your chroot directory is /var/chroot/ntp, then that will be the / directory inside the chroot. So, for example, logfile /var/chroot/ntp/var/log/ntpd.log would point to /var/chroot/ntp/var/chroot/ntp/var/log/ntpd.log in the main filesystem.

So, in your case you need to set logfile /var/log/ntpd.log.

Tero Kilkanen
  • I have tried logfile /var/log/ntpd.log. ntpd still updates the file in (absolute) path logfile /var/log/ntpd.log instead of /var/chroot/ntp/var/log/ntpd.log – amprantino Oct 11 '17 at 07:12

The problem was partially solved after changing /etc/nsswitch.conf

From

hosts: files dns

to

hosts: dns

Now DNS queries are working. The 2nd problem still remains: PID files and logs must be changed to absolute paths instead of relative to the chroot directory.

Is the ntp daemon dropping privileges after creating the log files?

amprantino
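
An added example, not part of the original posts or of ntpd: a shell check for what glibc name resolution needs inside a chroot, tying together the two answers above (libraries and settings must exist inside the chroot, and the hosts line of nsswitch.conf selects the lookup services). The function names, the fallback service list and the sample tree are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original posts). Assumes glibc NSS naming:
# each service on the "hosts:" line is provided by libnss_<service>.so.2.

# Print the services on the chroot's "hosts:" line, without [action] items.
# Assumption of this script: if nsswitch.conf is unreadable, check "files dns".
hosts_services() {
    conf="$1/etc/nsswitch.conf"
    [ -r "$conf" ] || { echo "files dns"; return; }
    sed -n 's/#.*//; s/^hosts:[[:space:]]*//p' "$conf" |
        sed 's/\[[^]]*\]//g' | head -n 1
}

# Print a space-separated list of what name resolution would lack in chroot $1.
chroot_missing() {
    root="${1%/}"
    missing=""
    [ -e "$root/etc/nsswitch.conf" ] || missing="$missing /etc/nsswitch.conf"
    for svc in $(hosts_services "$root"); do
        # NSS modules are loaded at run time, so ldd on the daemon does not
        # list them; look for the module file anywhere under the library dirs.
        lib=$(find "$root/lib" "$root/lib64" "$root/usr/lib" \
                  -name "libnss_$svc.so.2" 2>/dev/null | head -n 1)
        [ -n "$lib" ] || missing="$missing libnss_$svc.so.2"
        case "$svc" in
            dns)   [ -e "$root/etc/resolv.conf" ] || missing="$missing /etc/resolv.conf" ;;
            files) [ -e "$root/etc/hosts" ] || missing="$missing /etc/hosts" ;;
        esac
    done
    echo "${missing# }"
}

# Constructed sample tree: "hosts: files dns" with only the "files" pieces present.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/lib"
    printf 'hosts: files dns\n' > "$d/etc/nsswitch.conf"
    : > "$d/etc/hosts"
    : > "$d/lib/libnss_files.so.2"
    chroot_missing "$d"
    rm -rf "$d"
}

# With an argument, audit that directory; without one, run the constructed sample.
if [ "$#" -gt 0 ]; then chroot_missing "$1"; else demo; fi
```

Run it as `sh check.sh /var/chroot/ntp` (the script file name is hypothetical); an empty line means nothing on the checked list is missing.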