The chroot jailing patch has resolver issue.
Instead of ugly and incomplete
workaround I'd prefer to include resolver chroot into ntpd chroot.
Maybe ntpd and ntpdate should chroot by default like named in our bind package.
In latter case, ntpdate could be jailed to /var/empty/.
* Sun Feb 15 2004 Dmitry V. Levin <email@example.com> 4.1.2-alt2
- Fixed chroot jailing and droppriv code (#3461).
- Changed default settings:
ntpd: switch to ntpd:ntpd, chroot to /var/lib/ntpd;
ntp_intres: switch to ntpd:ntpd, chroot to /var/resolv;
ntpdate: switch to ntpd:ntpd, chroot to /var/empty.