On 02/18/2018 11:24 AM, Daniel Baumann wrote:
> I'd like to run ntpsec as a daemon in a container. However, ntpsec's
> systemd units currently declare conflicts to be run in a container.

To address this, I propose removing these two from ntp.service:

ConditionVirtualization=!container
ConditionCapability=CAP_SYS_TIME

but leave them in ntp-wait.service. If the clock is not being set by
ntpd, ntpwait is useless.

This is conditional on answers to the issues below, though.

> Second, the ntpsec default ntp configuration tries too hard to adjust
> the local hardware clock.

Can you explain what you mean by "tries too hard"?

> In the use case of providing an ntp service for
> a network, this is not required (and prevents running it in a container).

I follow this part.

> Thus, it would be nice if (like it is with the original ntp package in
> Debian) ntpsec could be installed and run in a container/a system
> without touching the hardware clock for the purpose of being run as a
> network service only.

Can you clarify how the ntp package is different from ntpsec in this
regard, other than the systemd unit changes discussed above?

I'm not aware of any option to tell ntpd to NOT sync the local clock.

-- 
Richard
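
Added example, not part of the original message or of ntpsec's packaging: a shell sketch that evaluates by hand the two conditions quoted above, to show why ntp.service is skipped in a container. The function names and the two sample masks are constructed for illustration; it assumes systemd checks ConditionCapability= against the service manager's capability bounding set (CapBnd of PID 1).

```shell
#!/bin/sh
# Added example: mirror ConditionVirtualization=!container and
# ConditionCapability=CAP_SYS_TIME outside of systemd.
CAP_SYS_TIME_BIT=25   # CAP_SYS_TIME is capability number 25 on Linux

# has_cap_sys_time HEXMASK: succeeds if bit 25 is set in a CapBnd-style mask.
has_cap_sys_time() {
    [ $(( (0x$1 >> $CAP_SYS_TIME_BIT) & 1 )) -eq 1 ]
}

# bounding_set_of PID: prints the CapBnd hex mask from /proc/PID/status.
bounding_set_of() {
    awk '/^CapBnd:/ { print $2 }' "/proc/$1/status"
}

# unit_would_start HEXMASK CONTAINER: both conditions must hold.
# CONTAINER is what `systemd-detect-virt --container` prints
# ("none" outside a container, otherwise e.g. "lxc" or "docker").
unit_would_start() {
    [ "$2" = "none" ] && has_cap_sys_time "$1"
}

# Constructed sample masks (not taken from any real host):
FULL_SET=000001ffffffffff        # nothing dropped from the bounding set
RESTRICTED_SET=00000000a80425fb  # a container mask with CAP_SYS_TIME dropped

# report_host: evaluate the running system (reads PID 1, as systemd would).
report_host() {
    mask=$(bounding_set_of 1)
    virt=$(systemd-detect-virt --container 2>/dev/null) || virt=none
    if unit_would_start "$mask" "$virt"; then
        echo "host: conditions met (CapBnd=$mask, container=$virt)"
    else
        echo "host: ntp.service would be skipped (CapBnd=$mask, container=$virt)"
    fi
}

# Walk the constructed cases so the script prints something when run as-is.
for case in "$FULL_SET none" "$FULL_SET lxc" "$RESTRICTED_SET none"; do
    set -- $case
    if unit_would_start "$1" "$2"; then r=start; else r=skip; fi
    echo "CapBnd=$1 container=$2 -> $r"
done
```

Call report_host on the target system to see which of the two conditions is the one that fails there.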
