It was figured out that since glibc2.31 glibc changed its internal implementation of adjtimex from adjtimex to clock_adjtime. This results in chronyd fails to start in Docker container with:
adjtimex
clock_adjtime
chronyd
Fatal error : adjtimex(0x8001) failed : Operation not permitted
Though time namespace support has been merged into the Linux kernel 5.6, Azure's Ubuntu VM has an older kernel.
Whether Docker upstream fixes that or not, we should apply our own seccomp profile to allow sync time (this is required by NTP tests). it is acceptable for testing 1 IPA environment on 1 Azure VM.
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1778133 Docker issue: https://github.com/moby/moby/issues/40919
master:
ipa-4-8:
Metadata Update from @cheimes: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.