--- ntpd_org 2008-07-14 02:29:40.000000000 +0200
+++ ntpd 2008-07-05 01:52:18.000000000 +0200
@@ -22,7 +22,7 @@
 checkconfig || return $?
 ebegin "Starting ntpd"
- start-stop-daemon --start --exec /usr/sbin/ntpd \
+ run-jail ntpd start-stop-daemon --start --exec /usr/sbin/ntpd \
 --pidfile /var/run/ntpd.pid \
 -- -p /var/run/ntpd.pid ${NTPD_OPTS}
 eend $? "Failed to start ntpd"
; ; RSBAC JAIL definition for ntpd ; ; Installed versions: 4.2.6_p3(13:14:40 06.05.2011)(caps ssl -debug -ipv6 -openntpd -parse-clocks -selinux -snmp -vim-syntax -zeroconf) ; ; 20060920 20111301 ; ; tested by: Jens Kasten (igraltist) ; ; tested on: Gentoo (hardened) ; "" "0.0.0.0" (allow-external-ipc allow-dev-write allow-netlink allow-inet-raw) () () (time-strucs capability) Depcreated: ; ; RSBAC JAIL definition for ntp-server ; 20060920 ; "" "0.0.0.0" (allow-external-ipc allow-all-net-family allow-dev-read allow-dev-write) (sys-time net-bind-service ipc-lock dac-override setgid setuid sys-resource) () (capability clock time-strucs mlock rlimit) This is execute now: rsbac_jail -i -n -d -D -C SYS_TIME NET_BIND_SERVICE IPC_LOCK DAC_OVERRIDE SETGID SETUID SYS_RESOURCE -M capability clock time_strucs mlock rlimit start-stop-daemon --start --exec /usr/sbin/ntpd --pidfile /var/run/ntpd.pid -- -p /var/run/ntpd.pid -u ntp:ntp
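Review bot: The added `run-jail ntpd start-stop-daemon …` line makes startup depend on the `run-jail` wrapper and on a jail definition named `ntpd`, but nothing visible in the hunk checks for either. A missing wrapper or definition would surface only as the generic "Failed to start ntpd" from `eend`. `checkconfig` is defined outside the hunk; if it does not already do so, it could verify the wrapper first, e.g. `type run-jail >/dev/null 2>&1 || { eerror "run-jail not found"; return 1; }`. A comment above the line such as `# jail "ntpd" wraps start-stop-daemon; ntpd is started inside it` would record why the wrapper sits in front of start-stop-daemon rather than ntpd itself. The start() body begins and ends outside the hunk, so whether the stop path needs a matching change cannot be judged from here.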