The
clockctl interface brings clock control to non-root users. Any user with write access to
/dev/clockctl will be able to perform operations such as
settimeofday(2),
clock_settime(2),
adjtime(2), or
ntp_adjtime(2), which are normally restricted to the super-user. Using the
clockctl pseudo-device, it is possible to run daemons such as
ntpd(8) as non-privileged users, thus reducing the security exposure if a compromise is found in such a daemon.
The
clockctl pseudo-device driver provides an
ioctl(2) call for each privileged clock-related system call. The system call stubs in C library will use the
ioctl(2) on
/dev/clockctl if the special file is present and accessible, or will revert to the plain super-user-restricted system call if the special file is not accessible.
The following
ioctl(2) calls are defined in
<sys/clockctl.h>:
CLOCKCTL_SETTIMEOFDAY
This will run the
settimeofday(2) system call. Argument should be a pointer to a
struct clockctl_settimeofday:
struct clockctl_settimeofday {
const struct timeval *tv;
const void *tzp;
};
CLOCKCTL_CLOCK_SETTIME
This will run the
clock_settime(2) system call. Argument should be a pointer to a
struct clockctl_clock_settime:
struct clockctl_clock_settime {
clockid_t clock_id;
struct timespec *tp;
};
CLOCKCTL_ADJTIME
This will run the
adjtime(2) system call. Argument should be a pointer to a
struct clockctl_adjtime:
struct clockctl_adjtime {
const struct timeval *delta;
struct timeval *olddelta;
};
CLOCKCTL_NTP_ADJTIME
This will run the
ntp_adjtime(2) system call. Argument should be a pointer to a
struct clockctl_ntp_adjtime:
struct clockctl_ntp_adjtime {
struct timex *tp;
};