blob: f38e59847966f7b91238a17d2e9bac2b131b8147 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
<table class="head">
<tr>
<td class="head-ltitle">CLOCKCTL(4)</td>
<td class="head-vol">Device Drivers Manual</td>
<td class="head-rtitle">CLOCKCTL(4)</td>
</tr>
</table>
<div class="manual-text">
<section class="Sh">
<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
<p class="Pp"><code class="Nm">clockctl</code> — <span class="Nd">Clock
subsystem user control</span></p>
</section>
<section class="Sh">
<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
<p class="Pp"><code class="Cd">pseudo-device clockctl</code></p>
</section>
<section class="Sh">
<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
<p class="Pp">The <code class="Nm">clockctl</code> interface brings clock
control to non-root users. Any user with write access to
<span class="Pa">/dev/clockctl</span> will be able to perform operations
such as <a class="Xr">settimeofday(2)</a>,
<a class="Xr">clock_settime(2)</a>, <a class="Xr">adjtime(2)</a>, or
<a class="Xr">ntp_adjtime(2)</a>, which are normally restricted to the
super-user. Using the <code class="Nm">clockctl</code> pseudo-device, it is
possible to run daemons such as <a class="Xr">ntpd(8)</a> as non-privileged
users, thus reducing the security exposure if a compromise is found in such
a daemon.</p>
<p class="Pp">The <code class="Nm">clockctl</code> pseudo-device driver provides
an <a class="Xr">ioctl(2)</a> call for each privileged clock-related system
call. The system call stubs in C library will use the
<a class="Xr">ioctl(2)</a> on <span class="Pa">/dev/clockctl</span> if the
special file is present and accessible, or will revert to the plain
super-user-restricted system call if the special file is not accessible.</p>
<p class="Pp">The following <a class="Xr">ioctl(2)</a> calls are defined in
<code class="In"><<a class="In">sys/clockctl.h</a>></code>:</p>
<dl class="Bl-tag">
<dt id="CLOCKCTL_SETTIMEOFDAY"><a class="permalink" href="#CLOCKCTL_SETTIMEOFDAY"><code class="Dv">CLOCKCTL_SETTIMEOFDAY</code></a></dt>
<dd>This will run the <a class="Xr">settimeofday(2)</a> system call. Argument
should be a pointer to a <var class="Va">struct
clockctl_settimeofday</var>:
<div class="Bd Pp Li">
<pre>struct clockctl_settimeofday {
const struct timeval *tv;
const void *tzp;
};</pre>
</div>
</dd>
<dt id="CLOCKCTL_CLOCK_SETTIME"><a class="permalink" href="#CLOCKCTL_CLOCK_SETTIME"><code class="Dv">CLOCKCTL_CLOCK_SETTIME</code></a></dt>
<dd>This will run the <a class="Xr">clock_settime(2)</a> system call. Argument
should be a pointer to a <var class="Va">struct
clockctl_clock_settime</var>:
<div class="Bd Pp Li">
<pre>struct clockctl_clock_settime {
clockid_t clock_id;
struct timespec *tp;
};</pre>
</div>
</dd>
<dt id="CLOCKCTL_ADJTIME"><a class="permalink" href="#CLOCKCTL_ADJTIME"><code class="Dv">CLOCKCTL_ADJTIME</code></a></dt>
<dd>This will run the <a class="Xr">adjtime(2)</a> system call. Argument
should be a pointer to a <var class="Va">struct clockctl_adjtime</var>:
<div class="Bd Pp Li">
<pre>struct clockctl_adjtime {
const struct timeval *delta;
struct timeval *olddelta;
};</pre>
</div>
</dd>
<dt id="CLOCKCTL_NTP_ADJTIME"><a class="permalink" href="#CLOCKCTL_NTP_ADJTIME"><code class="Dv">CLOCKCTL_NTP_ADJTIME</code></a></dt>
<dd>This will run the <a class="Xr">ntp_adjtime(2)</a> system call. Argument
should be a pointer to a <var class="Va">struct
clockctl_ntp_adjtime</var>:
<div class="Bd Pp Li">
<pre>struct clockctl_ntp_adjtime {
struct timex *tp;
};</pre>
</div>
</dd>
</dl>
</section>
<section class="Sh">
<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE
ALSO</a></h1>
<p class="Pp"><a class="Xr">adjtime(2)</a>, <a class="Xr">clock_settime(2)</a>,
<a class="Xr">ioctl(2)</a>, <a class="Xr">settimeofday(2)</a></p>
</section>
<section class="Sh">
<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1>
<p class="Pp"><code class="Nm">clockctl</code> appeared in
<span class="Ux">NetBSD 1.6</span>.</p>
</section>
</div>
<table class="foot">
<tr>
<td class="foot-date">February 19, 2009</td>
<td class="foot-os">NetBSD 10.1</td>
</tr>
</table>
|
