ntp.service: Failed to set up mount namespacing: Permission denied

[zedtux]

Cookbook version

3.6.2

Chef-client version

15.8.23

Platform Details

Debian Buster

Scenario:

Deploying this cookbook fails with the following errors:

Feb 20 10:37:42 west-1 systemd[1]: Starting Network Time Service...
Feb 20 10:37:42 west-1 systemd[12502]: ntp.service: Failed to set up mount namespacing: Permission denied
Feb 20 10:37:42 west-1 systemd[12502]: ntp.service: Failed at step NAMESPACE spawning /usr/lib/ntp/ntp-systemd-wrapper: Permission denied
Feb 20 10:37:42 west-1 systemd[1]: ntp.service: Control process exited, code=exited, status=226/NAMESPACE
Feb 20 10:37:42 west-1 systemd[1]: ntp.service: Failed with result 'exit-code'.
Feb 20 10:37:42 west-1 systemd[1]: Failed to start Network Time Service.

The way I found to make it working is the following:

sed -i -e 's,PrivateTmp=true,PrivateTmp=false\nNoNewPrivileges=yes,g' /lib/systemd/system/ntp.service
systemctl daemon-reload
systemctl start

Expected Result:

Get ntp starting correctly.

Actual Result:

ntp fails to start

[github-actions]

Marking stale due to inactivity. Remove stale label or comment or this will be closed in 7 days. Alternatively drop by the #sous-chefs channel on the Chef Community Slack and we'll be happy to help! Thanks, Sous-Chefs.

[zedtux]

Why do we have bots to close issues instead of having a bots reminding devs about existing issues ...🤔? It would make so much more sens actually.

[ramereth]

@zedtux given the amount of cookbooks we maintain, it's difficult to get to all of these issues. So doing this helps us make sure when users (like you) reply, we know it's still important to deal with.

Feel free to make a PR which addresses this and we'll get it merged!