SUSE Support

Here When You Need Us

chronyd systemd service Unknown lvalue

This document (000021603) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5


Situation

There are "Unknown lvalue" messages seen when looking at the systemd chrony service:

Oct 25 17:31:31 s12s5 systemd[1]: [/usr/lib/systemd/system/chronyd.service:25] Unknown lvalue 'ProtectKernelLogs' in section 'Service'
Oct 25 17:31:31 s12s5 systemd[1]: [/usr/lib/systemd/system/chronyd.service:26] Unknown lvalue 'ProtectControlGroups' in section 'Service'
Oct 25 17:31:31 s12s5 systemd[1]: [/usr/lib/systemd/system/chronyd.service:23] Unknown lvalue 'ProtectHostname' in section 'Service'
Oct 25 17:31:31 s12s5 systemd[1]: [/usr/lib/systemd/system/chronyd.service:24] Unknown lvalue 'ProtectKernelModules' in section 'Service'
Oct 25 17:31:31 s12s5 systemd[1]: [/usr/lib/systemd/system/chronyd.service:25] Unknown lvalue 'ProtectKernelLogs' in section 'Service'
Oct 25 17:31:31 s12s5 systemd[1]: [/usr/lib/systemd/system/chronyd.service:26] Unknown lvalue 'ProtectControlGroups' in section 'Service'

Resolution

To permanently prevent these messages, edit the chronyd systemd service and comment the lines:

#ProtectHostname=true
#ProtectKernelModules=true
#ProtectKernelLogs=true
#ProtectControlGroups=true
#DeviceAllow=char-rtc
#DeviceAllow=char-ptp

To make the change run this command and comment the above lines as shown:

systemctl edit --full chronyd.service

Then restart the chrondy service and the messages will be no longer seen.

systemctl restart chronyd.service

Cause

Systemd sandboxing options added to chronyd.service file to cause warnings on SLE12-SP5 because they are unknown to older systemd.

On systems with systemd < 244 this will generate one or more warnings like this to syslog:

Unknown key name 'XXX' in section 'Service', ignoring.

These are just warnings and completely harmless, Systemd simply warns about keywords it doesn't know and ignores them.

 

Additional Information

Systemd hardening options were added for future security purposes.

They are documented here:

https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000021603
  • Creation Date: 28-Oct-2024
  • Modified Date:29-Oct-2024
    • SUSE Linux Enterprise Server
    • SUSE Linux Enterprise Server for SAP Applications

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community
tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Support FAQ
tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center