Diffstat (limited to 'net/ntpd-rs/files/ntp_daemon.in')
-rw-r--r--net/ntpd-rs/files/ntp_daemon.in74
1 files changed, 74 insertions, 0 deletions
diff --git a/net/ntpd-rs/files/ntp_daemon.in b/net/ntpd-rs/files/ntp_daemon.in
new file mode 100644
index 000000000000..9441e8d35fc3
--- /dev/null
+++ b/net/ntpd-rs/files/ntp_daemon.in
@@ -0,0 +1,74 @@
+#!/bin/sh
+
+# PROVIDE: ntp_daemon
+# REQUIRE: DAEMON FILESYSTEMS devfs
+# BEFORE: LOGIN
+# KEYWORD: nojail resume shutdown
+#
+. /etc/rc.subr
+
+name=ntp_daemon
+rcvar=ntp_daemon_enable
+
+load_rc_config $name
+
+ntp_daemon_enable=${ntp_daemon_enable-"NO"}
+ntp_daemon_config=${ntp_daemon_config-"%%ETCDIR%%/ntp.toml"}
+ntp_daemon_socket=${ntp_daemon_socket-"/var/run/ntpd-rs"}
+
+command="/usr/bin/true"
+procname="/usr/sbin/daemon"
+pidfile="/var/run/${name}.pid"
+
+start_cmd="ntp_daemon_start"
+stop_cmd="ntp_daemon_stop"
+
+can_run_nonroot()
+{
+ # Try to set up the MAC ntpd policy so ntpd can run with reduced
+ # privileges. Detect whether MAC is compiled into the kernel, load
+ # the policy module if not already present, then check whether the
+ # policy has been disabled via tunable or sysctl.
+ [ -n "$(sysctl -qn security.mac.version)" ] || return 1
+ sysctl -qn security.mac.ntpd >/dev/null || kldload -qn mac_ntpd || return 1
+ [ "$(sysctl -qn security.mac.ntpd.enabled)" == "1" ] || return 1
+}
+
+is_process_running()
+{
+ [ -f ${pidfile} ] && procstat $(cat ${pidfile}) >/dev/null 2>&1
+}
+
+ntp_daemon_start()
+{
+ # If we can run as a non-root user, switch uid to ntpd.
+ if can_run_nonroot; then
+ _user="ntpd"
+ else
+ _user="root"
+ fi
+
+ [ -d "${ntp_daemon_socket}" ] || /bin/mkdir "${ntp_daemon_socket}"
+ /usr/sbin/chown ${_user}:${_user} "${ntp_daemon_socket}"
+ /usr/sbin/daemon -P ${pidfile} -r -f -o /var/log/ntp_daemon.log -u ${_user} -H %%PREFIX%%/bin/ntp-daemon --config "${ntp_daemon_config}"
+
+ if is_process_running; then
+ echo "Started ntp-daemon (pid=$(cat ${pidfile}))"
+ else
+ echo "Failed to start ntp-daemon"
+ fi
+}
+
+ntp_daemon_stop()
+{
+ if is_process_running; then
+ /bin/rm -rf "${ntp_daemon_socket}"
+ local pid=$(cat ${pidfile})
+ echo "Stopping ntp-daemon (pid=${pid})"
+ kill -- -${pid}
+ else
+ echo "ntp-daemon isn't running"
+ fi
+}
+
+run_rc_command "$1"
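Review bot: `is_process_running` only checks that some process has the PID stored in the pidfile, so in `ntp_daemon_stop` a stale pidfile whose PID has been reused lets root run `/bin/rm -rf "${ntp_daemon_socket}"` and `kill -- -${pid}` against an unrelated process group. rc.subr already has a helper that also matches the process name, and `procname` is set above, so the check could be `[ -n "$(check_pidfile "${pidfile}" "${procname}")" ]`. The recursive delete also runs before the signal is sent and on a path taken from rc.conf; moving it after the kill and refusing to act unless the path is a directory under `/var/run` would limit the damage from a mistyped setting. Separately, `ntp_daemon_start` falls back to `-u root` without any message when `can_run_nonroot` fails; a `warn` line in that branch would make the loss of privilege separation visible to the administrator.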