Chrony: erinevus redaktsioonide vahel
Allikas: Imre kasutab arvutit
| 53. rida: | 53. rida: | ||
ppid pid uid command capabilities |
ppid pid uid command capabilities |
||
1436092 1436093 _chrony chronyd net_bind_service, sys_time + |
1436092 1436093 _chrony chronyd net_bind_service, sys_time + |
||
| + | </pre> |
||
| + | |||
| + | või getpcaps abil |
||
| + | |||
| + | <pre> |
||
| + | root@pve-svc-02:~# getpcaps 1436092 |
||
| + | 1436092: cap_net_bind_service,cap_sys_time=ep |
||
</pre> |
</pre> |
||
Redaktsioon: 4. mai 2026, kell 02:14
Sissejuhatus
TODO
Tööpõhimõte
TODO
Misc - chrony protsess
chronyd protsessi info
root@pve-svc-02:~# pgrep chronyd
1436092
1436093
root@pve-svc-02:~# lsns -p 1436093
NS TYPE NPROCS PID USER COMMAND
4026531833 net 481 1 root /sbin/init
4026531834 time 481 1 root /sbin/init
4026531835 cgroup 481 1 root /sbin/init
4026531836 pid 481 1 root /sbin/init
4026531837 user 481 1 root /sbin/init
4026531839 ipc 481 1 root /sbin/init
4026533035 mnt 2 1436092 _chrony ├─/usr/sbin/chronyd -F 1
4026533036 uts 2 1436092 _chrony └─/usr/sbin/chronyd -F 1
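kus on näha, et protsessile on rakendatud seccomp-filter (Seccomp: 2 tähendab filtrirežiimi) ning osa failisüsteemist on chronyd mount-nimeruumis kättesaamatuks tehtud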
root@pve-svc-02:~# cat /proc/1436092/status | grep -i seccomp
Seccomp: 2
Seccomp_filters: 23
root@pve-svc-02:~# nsenter -m -t 1436092 findmnt | grep inacc | sed -r 's/tmpfs\s+.*//'
│ └─/dev/kmsg tmpfs[/systemd/inaccessible/chr]
│ ├─/run/credentials tmpfs[/systemd/inaccessible/dir]
│ ├─/run/user tmpfs[/systemd/inaccessible/dir]
├─/root tmpfs[/systemd/inaccessible/dir]
├─/home tmpfs[/systemd/inaccessible/dir]
├─/usr/lib/modules tmpfs[/systemd/inaccessible/dir]
ning capabilities
root@pve-svc-02:~# pscap -p 1436092
ppid pid uid command capabilities
1 1436092 _chrony chronyd net_bind_service, sys_time +
root@pve-svc-02:~# pscap -p 1436093
ppid pid uid command capabilities
1436092 1436093 _chrony chronyd net_bind_service, sys_time +
või getpcaps abil
root@pve-svc-02:~# getpcaps 1436092
1436092: cap_net_bind_service,cap_sys_time=ep
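ning systemd vastavad seadistused (filter näitab ainult neid Prot*/Priv*/Capab* ridu, mille väärtus lõpeb sõnaga yes või restore, seega muud piirangud siin ei kajastu; CapabilityBoundingSet on ülempiir, protsessil endal on ülaltoodud pscap/getpcaps väljundi järgi ainult cap_net_bind_service ja cap_sys_time; täielikuma ülevaate annab systemd-analyze security chrony)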
root@pve-svc-02:~# systemctl show chrony | egrep "^Prot|^Priv|^Capab" | egrep "restore$|yes$"
CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_setgid cap_setuid cap_setpcap cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_nice cap_sys_resource cap_sys_time cap_setfcap cap_perfmon cap_bpf cap_checkpoint_restore
PrivateTmp=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectControlGroupsEx=yes
ProtectHome=yes
ProtectHostname=yes
Misc - chrony teenus
Seadistus
root@pve-svc-02:~# egrep "pool|server" /etc/chrony/chrony.conf
# pool 2.debian.pool.ntp.org iburst
root@pve-svc-02:~# cat /etc/chrony/sources.d/local-ntp-server.sources
server 10.192.0.53 iburst
sources info
root@pve-svc-02:~# chronyc sources -v -n

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.192.0.53                   4   9   377   413   -135us[ -216us] +/- 3171us
tracking info
root@pve-svc-02:~# chronyc tracking
Reference ID    : 0AC00035 (10.192.0.53)
Stratum         : 5
Ref time (UTC)  : Sun May 03 17:25:18 2026
System time     : 0.000016197 seconds slow of NTP time
Last offset     : -0.000080330 seconds
RMS offset      : 0.000049475 seconds
Frequency       : 0.712 ppm fast
Residual freq   : -0.006 ppm
Skew            : 0.085 ppm
Root delay      : 0.006004042 seconds
Root dispersion : 0.000445185 seconds
Update interval : 517.6 seconds
Leap status     : Normal
Kasulikud lisamaterjalid
- TODO