mirror of
https://gitlab.com/chrony/chrony.git
synced 2026-03-11 00:59:38 -04:00
sys: add OpenBSD support
Add OpenBSD support, including pledge(2) support by implementing SYS_EnableSystemCallFilter(). This commit depends on the addition of AdjustFreq() privops and the addtion of invoking SYS_EnableSystemCallFilter() from PRV_StartHelper(). Only system call filter levels on/off' are supported. Setting level to 0 disables the filter and setting it to 1 enables it. Update the documentation to reflect that OpenBSD supports: - the SCHED_FIFO real-time scheduler (option -P) - locking chronyd into memory (option -m) - reload sample history of servers and ref clocks (option -r) - forking into two process when run as non-root user (option -u) - maxdrift/maxslewrate of 100000.
This commit is contained in:
Thomas Kupper
committed by
Miroslav Lichvar
Miroslav Lichvar
parent
9a57ef8dbf
commit
4ddc6b334d
@@ -1449,8 +1449,8 @@ for a high quality clock using a temperature compensated crystal oscillator.
|
||||
This directive specifies the maximum assumed drift (frequency error) of the
|
||||
system clock. It limits the frequency adjustment that *chronyd* is allowed to
|
||||
use to correct the measured drift. It is an additional limit to the maximum
|
||||
adjustment that can be set by the system driver (100000 ppm on Linux, 500 ppm
|
||||
on FreeBSD, NetBSD, and macOS 10.13+, 32500 ppm on illumos).
|
||||
adjustment that can be set by the system driver (100000 ppm on Linux and
|
||||
OpenBSD, 500 ppm on FreeBSD, NetBSD, and macOS 10.13+, 32500 ppm on illumos).
|
||||
+
|
||||
By default, the maximum assumed drift is 500000 ppm, i.e. the adjustment is
|
||||
limited by the system driver rather than this directive.
|
||||
@@ -1487,10 +1487,10 @@ is effective only on systems where *chronyd* is able to control the rate (i.e.
|
||||
all supported systems with the exception of macOS 12 or earlier).
|
||||
+
|
||||
For each system there is a maximum frequency offset of the clock that can be set
|
||||
by the driver. On Linux it is 100000 ppm, on FreeBSD, NetBSD and macOS 10.13+ it
|
||||
is 5000 ppm, and on illumos it is 32500 ppm. Also, due to a kernel limitation,
|
||||
setting *maxslewrate* on FreeBSD, NetBSD, macOS 10.13+ to a value between 500
|
||||
ppm and 5000 ppm will effectively set it to 500 ppm.
|
||||
by the driver. On Linux and OpenBSD it is 100000 ppm, on FreeBSD, NetBSD and
|
||||
macOS 10.13+ it is 5000 ppm, on illumos it is 32500 ppm. Also, due to a kernel
|
||||
limitation, setting *maxslewrate* on FreeBSD, NetBSD, macOS 10.13+ to a value
|
||||
between 500 ppm and 5000 ppm will effectively set it to 500 ppm.
|
||||
+
|
||||
By default, the maximum slew rate is set to 83333.333 ppm (one twelfth).
|
||||
|
||||
@@ -2988,7 +2988,7 @@ file when the <<chronyc.adoc#rekey,*rekey*>> command is issued by *chronyc*).
|
||||
[[lock_all]]*lock_all*::
|
||||
The *lock_all* directive will lock the *chronyd* process into RAM so that it
|
||||
will never be paged out. This can result in lower and more consistent latency.
|
||||
The directive is supported on Linux, FreeBSD, NetBSD, and illumos.
|
||||
The directive is supported on Linux, FreeBSD, NetBSD, OpenBSD, and illumos.
|
||||
|
||||
[[pidfile]]*pidfile* _file_::
|
||||
Unless *chronyd* is started with the *-Q* option, it writes its process ID
|
||||
@@ -3039,11 +3039,11 @@ accepted NTP-over-PTP messages. Messages from other domains are ignored.
|
||||
The default is 123, the minimum is 0, and the maximum is 255.
|
||||
|
||||
[[sched_priority]]*sched_priority* _priority_::
|
||||
On Linux, FreeBSD, NetBSD, and illumos, the *sched_priority* directive will
|
||||
select the SCHED_FIFO real-time scheduler at the specified priority (which must
|
||||
be between 0 and 100). On macOS, this option must have either a value of 0 (the
|
||||
default) to disable the thread time constraint policy or 1 for the policy to be
|
||||
enabled.
|
||||
On Linux, FreeBSD, NetBSD, OpenBSD, and illumos, the *sched_priority* directive
|
||||
will select the SCHED_FIFO real-time scheduler at the specified priority (which
|
||||
must be between 0 and 100). On macOS, this option must have either a value of 0
|
||||
(the default) to disable the thread time constraint policy or 1 for the policy
|
||||
to be enabled.
|
||||
+
|
||||
On systems other than macOS, this directive uses the *pthread_setschedparam()*
|
||||
system call to instruct the kernel to use the SCHED_FIFO first-in, first-out
|
||||
@@ -3065,9 +3065,9 @@ The *user* directive sets the name of the system user to which *chronyd* will
|
||||
switch after start in order to drop root privileges.
|
||||
+
|
||||
On Linux, *chronyd* needs to be compiled with support for the *libcap* library.
|
||||
On macOS, FreeBSD, NetBSD and illumos *chronyd* forks into two processes.
|
||||
The child process retains root privileges, but can only perform a very limited
|
||||
range of privileged system calls on behalf of the parent.
|
||||
On macOS, FreeBSD, NetBSD, OpenBSD, and illumos *chronyd* forks into two
|
||||
processes. The child process retains root privileges, but can only perform a
|
||||
very limited range of privileged system calls on behalf of the parent.
|
||||
+
|
||||
The compiled-in default value is _@DEFAULT_USER@_.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user