chronyd systemd service Unknown lvalue
This document (000021603) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
Situation
There are "Unknown lvalue" messages seen when looking at the systemd chrony service:
Oct 25 17:31:31 s12s5 systemd[1]: [/usr/lib/systemd/system/chronyd.service:25] Unknown lvalue 'ProtectKernelLogs' in section 'Service'
Oct 25 17:31:31 s12s5 systemd[1]: [/usr/lib/systemd/system/chronyd.service:26] Unknown lvalue 'ProtectControlGroups' in section 'Service'
Oct 25 17:31:31 s12s5 systemd[1]: [/usr/lib/systemd/system/chronyd.service:23] Unknown lvalue 'ProtectHostname' in section 'Service'
Oct 25 17:31:31 s12s5 systemd[1]: [/usr/lib/systemd/system/chronyd.service:24] Unknown lvalue 'ProtectKernelModules' in section 'Service'
Oct 25 17:31:31 s12s5 systemd[1]: [/usr/lib/systemd/system/chronyd.service:25] Unknown lvalue 'ProtectKernelLogs' in section 'Service'
Oct 25 17:31:31 s12s5 systemd[1]: [/usr/lib/systemd/system/chronyd.service:26] Unknown lvalue 'ProtectControlGroups' in section 'Service'
Resolution
To permanently prevent these messages, edit the chronyd systemd service and comment the lines:
#ProtectHostname=true
#ProtectKernelModules=true
#ProtectKernelLogs=true
#ProtectControlGroups=true
#DeviceAllow=char-rtc
#DeviceAllow=char-ptp
To make the change run this command and comment the above lines as shown:
systemctl edit --full chronyd.service
Then restart the chrondy service and the messages will be no longer seen.
systemctl restart chronyd.service
Cause
Systemd sandboxing options added to chronyd.service file to cause warnings on SLE12-SP5 because they are unknown to older systemd.
On systems with systemd < 244 this will generate one or more warnings like this to syslog:
Unknown key name 'XXX' in section 'Service', ignoring.
These are just warnings and completely harmless, Systemd simply warns about keywords it doesn't know and ignores them.
Additional Information
Systemd hardening options were added for future security purposes.
They are documented here:
https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000021603
- Creation Date: 28-Oct-2024
- Modified Date:29-Oct-2024
-
- SUSE Linux Enterprise Server
- SUSE Linux Enterprise Server for SAP Applications
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com