From james@targetnet.com Thu Oct 21 12:33:41 1999
Return-Path: <james@targetnet.com>
Received: from mail.datais.com (mail.datais.com [207.245.246.3])
	by hub.freebsd.org (Postfix) with ESMTP id 67C6114C57
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 21 Oct 1999 12:33:28 -0700 (PDT)
	(envelope-from james@targetnet.com)
Received: from equinox.targetnet.com ([216.13.75.130] helo=dev1.lab)
	by mail.datais.com with esmtp (Exim 3.02 #1)
	id 11eNxf-000Ez5-00
	for FreeBSD-gnats-submit@freebsd.org; Thu, 21 Oct 1999 15:33:19 -0400
Received: from james by dev1.lab with local (Exim 3.03 #1)
	id 11eNxf-00026L-00
	for FreeBSD-gnats-submit@freebsd.org; Thu, 21 Oct 1999 15:33:19 -0400
Message-Id: <E11eNxf-00026L-00@dev1.lab>
Date: Thu, 21 Oct 1999 15:33:19 -0400
From: James FitzGibbon <james@targetnet.com>
Reply-To: james@targetnet.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: update to init(8) manpage
X-Send-Pr-Version: 3.2

>Number:         14449
>Category:       docs
>Synopsis:       time clamping effect of securelevel not documented
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Oct 21 12:40:00 PDT 1999
>Closed-Date:    Wed Dec 15 18:07:57 PST 1999
>Last-Modified:  Wed Dec 15 18:08:35 PST 1999
>Originator:     James FitzGibbon
>Release:        FreeBSD 3.3-19991019-STABLE i386
>Organization:
Targetnet.com Inc.
>Environment:

System running with kern.securelevel set to 3

>Description:

If kern.securelevel is greater than 1, time changes are clamped in the
kernel to no more than plus or minus one second at a time.  This is not
documented in the init(8) manpage.

Running xntpd on a system not already very close to the stratum 1 clocks
will fill the syslog with messages "Time adjustment clamped to +1 second". 
Without groping through the sys/kern/kern_time.c sourcefile, end users
wouldn't know that the securelevel was at the heart of the problem.

>How-To-Repeat:

Confiugre a machine with a securelevel of 2 or 3
Get the date from an ntp server.  Set the system clock to 5 minutes behind
the ntp server.
Run xntpd, specifying the same server as a upstream source of ntp data.

>Fix:
	
Document the time-clamping effects of "securelevel > 1" in the init(8)
manpage.  If other effects of changing securelevel are not documented, these
should be added as well.

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: nik 
State-Changed-When: Wed Dec 15 18:07:57 PST 1999 
State-Changed-Why:  
Committing a fix to init.8 now.  Thanks. 
>Unformatted:
