This patch is Solaris specific and will not be submitted to the community. It makes it possible to suppress the "Not owner" errors if NTP is run in a zone without the sys_time privilege needed to adjust the clock. It also adds a check for that same privilege so that the service will go into maintenance by default if the privilege is missing. --- include/ntp_machine.h.orig +++ include/ntp_machine.h @@ -293,5 +293,6 @@ extern time_t timegm (struct tm *); #endif +extern int eperm_count; #endif /* NTP_MACHINE_H */ --- ntpd/ntp_loopfilter.c.orig +++ ntpd/ntp_loopfilter.c @@ -16,6 +16,7 @@ #include "ntp_unixtime.h" #include "ntp_stdlib.h" #include "timexsup.h" +#include "ntp_machine.h" #include #include @@ -268,16 +269,22 @@ ); break; case EPERM: - if (tai_call) { - errno = saved_errno; - msyslog(LOG_ERR, - "%s: ntp_adjtime(TAI) failed: %m", - caller); + case ENOTSUP: + if (!eperm_count) { + if (tai_call) { + errno = saved_errno; + msyslog(LOG_ERR, + "%s: ntp_adjtime(TAI) failed: %m", + caller); + } + errno = saved_errno; + msyslog(LOG_ERR, "%s: %s line %d: ntp_adjtime: %m", + caller, file_name(), line + ); + msyslog(LOG_ERR, "Is the current zone missing" + " the sys_time privilege?"); } - errno = saved_errno; - msyslog(LOG_ERR, "%s: %s line %d: ntp_adjtime: %m", - caller, file_name(), line - ); + eperm_count++; break; default: msyslog(LOG_NOTICE, "%s: %s line %d: unhandled errno value %d after failed ntp_adjtime call", --- libntp/systime.c.orig +++ libntp/systime.c @@ -16,6 +16,7 @@ #include "timevalops.h" #include "timespecops.h" #include "ntp_calendar.h" +#include "ntp_machine.h" #ifdef HAVE_SYS_PARAM_H # include @@ -33,6 +34,12 @@ u_long sys_lamport; /* Lamport violation */ u_long sys_tsrounding; /* timestamp rounding errors */ +/* Count how many EPERM error we have had. Only log an error on the first + * one. Don't even try after the first ten. To suppress the log, initialize + * the count to one. + */ +int eperm_count=0; + #ifndef USE_COMPILETIME_PIVOT # define USE_COMPILETIME_PIVOT 1 #endif @@ -352,18 +359,28 @@ adjtv.tv_usec = -adjtv.tv_usec; sys_residual = -sys_residual; } + if (enable_panic_check && allow_panic) { + msyslog(LOG_ERR, "adj_systime: allow_panic is TRUE!"); + } if (adjtv.tv_sec != 0 || adjtv.tv_usec != 0) { - if (adjtime(&adjtv, &oadjtv) < 0) { - msyslog(LOG_ERR, "adj_systime: %m"); - if (enable_panic_check && allow_panic) { - msyslog(LOG_ERR, "adj_systime: allow_panic is TRUE!"); + /* After a few tries, give up */ + if (eperm_count < 10) { + if (adjtime(&adjtv, &oadjtv) < 0) { + if (errno == EPERM || errno == ENOTSUP) { + if (!eperm_count) { + msyslog(LOG_ERR, + "adj_systime: %m"); + } + eperm_count++; + } else { + msyslog(LOG_ERR, "adj_systime: %m"); + } + return FALSE; } + } else { return FALSE; } } - if (enable_panic_check && allow_panic) { - msyslog(LOG_ERR, "adj_systime: allow_panic is TRUE!"); - } return TRUE; } #endif @@ -561,7 +578,10 @@ /* now set new system time */ if (ntp_set_tod(&timetv, NULL) != 0) { - msyslog(LOG_ERR, "step-systime: %m"); + if ((errno == EPERM || errno == ENOTSUP) && !eperm_count) { + msyslog(LOG_ERR, "step-systime: %m"); + eperm_count++; + } if (enable_panic_check && allow_panic) { msyslog(LOG_ERR, "step_systime: allow_panic is TRUE!"); } --- ntpd/ntpd.c.orig +++ ntpd/ntpd.c @@ -938,6 +938,10 @@ } # endif + if (getenv("IGNORE_SYS_TIME_ERROR")) { + eperm_count=1; + } + /* * Enable the Multi-Media Timer for Windows? */