NAME
clockctl —
Clock subsystem user
control
SYNOPSIS
pseudo-device clockctl
DESCRIPTION
The
clockctl interface brings clock control to non-root users.
Any user with write access to
/dev/clockctl will be able to
perform operations such as
settimeofday(2),
clock_settime(2),
adjtime(2), or
ntp_adjtime(2), which are
normally restricted to the super-user. Using the
clockctl
pseudo-device, it is possible to run daemons such as
ntpd(8) as non-privileged users,
thus reducing the security exposure if a compromise is found in such a daemon.
The
clockctl pseudo-device driver provides an
ioctl(2) call for each privileged
clock-related system call. The system call stubs in C library will use the
ioctl(2) on
/dev/clockctl if the special file is present and accessible,
or will revert to the plain super-user-restricted system call if the special
file is not accessible.
The following
ioctl(2) calls are
defined in
<sys/clockctl.h>:
-
-
CLOCKCTL_SETTIMEOFDAY
- This will run the
settimeofday(2) system
call. Argument should be a pointer to a struct
clockctl_settimeofday:
struct clockctl_settimeofday {
const struct timeval *tv;
const void *tzp;
};
-
-
CLOCKCTL_CLOCK_SETTIME
- This will run the
clock_settime(2)
system call. Argument should be a pointer to a struct
clockctl_clock_settime:
struct clockctl_clock_settime {
clockid_t clock_id;
struct timespec *tp;
};
-
-
CLOCKCTL_ADJTIME
- This will run the
adjtime(2) system call.
Argument should be a pointer to a struct
clockctl_adjtime:
struct clockctl_adjtime {
const struct timeval *delta;
struct timeval *olddelta;
};
-
-
CLOCKCTL_NTP_ADJTIME
- This will run the
ntp_adjtime(2) system
call. Argument should be a pointer to a struct
clockctl_ntp_adjtime:
struct clockctl_ntp_adjtime {
struct timex *tp;
};
SEE ALSO
adjtime(2),
clock_settime(2),
ioctl(2),
settimeofday(2)
HISTORY
clockctl appeared in
NetBSD 1.6.