/dev/clockctl
will be able to perform operations such as
settimeofday(2),
clock_settime(2),
adjtime(2),
or
ntp_adjtime(2),
which are normally restricted to the super-user. Using the
clockctl
pseudo-device, it is possible to run daemons such as
ntpd(8)
as non-privileged users, thus reducing the security exposure if a
compromise is found in such a daemon.
The
clockctl
pseudo-device driver provides an
ioctl(2)
call for each privileged clock-related system call. The system
call stubs in C library will use the
ioctl(2)
on
/dev/clockctl
if the special file is present and accessible, or will revert to the
plain super-user-restricted system call if the special file is not accessible.
The following
ioctl(2)
calls are defined in
<sys/clockctl.h
>:
CLOCKCTL_SETTIMEOFDAY
struct clockctl_settimeofday {
const struct timeval *tv;
const void *tzp;
};
CLOCKCTL_CLOCK_SETTIME
struct clockctl_clock_settime {
clockid_t clock_id;
struct timespec *tp;
};
CLOCKCTL_ADJTIME
struct clockctl_adjtime {
const struct timeval *delta;
struct timeval *olddelta;
};
CLOCKCTL_NTP_ADJTIME
struct clockctl_ntp_adjtime {
struct timex *tp;
};