16834879 ntpd should run as non root user/group and use Extended Policy
authorBrian Utterback <brian.utterback@oracle.com>
Mon, 09 May 2016 19:08:13 -0700
changeset 5962 cb383b2a2d0a
parent 5961 2b7cc56a6e80
child 5963 bde4274dfdfd
16834879 ntpd should run as non root user/group and use Extended Policy
components/ntp/Solaris/ntp.xml
components/ntp/ntp.p5m
components/ntp/patches/75-notroot.patch
--- a/components/ntp/Solaris/ntp.xml	Mon May 09 19:08:13 2016 -0700
+++ b/components/ntp/Solaris/ntp.xml	Mon May 09 19:08:13 2016 -0700
@@ -20,7 +20,7 @@
 
  CDDL HEADER END
 
- Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
 
  NOTE:  This service manifest is not editable; its contents will
  be overwritten by package or patch operations, including
@@ -74,9 +74,10 @@
     	    timeout_seconds='600'>
 		<method_context>
 			<method_credential
-			    user='root'
-			    group='root'
-			    privileges='basic,!file_link_any,!proc_info,!proc_session,net_privaddr,proc_lock_memory,sys_time'
+			    user='daemon'
+			    group='daemon'
+			    privileges=
+'basic,!file_link_any,!proc_info,!proc_session,!sys_ib_info,!dax_access,net_privaddr,proc_lock_memory,sys_time,{file_write}:/tmp/*,{zone}:/var/ntp/*,{zone}:/system/volatile/ntp.pid,{file_dac_read,file_dac_search}:/etc/inet/*'
 			/>
 		</method_context>
 	</exec_method>
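Review bot: The extended policy on the `privileges=` attribute is a single unexplained string of a dozen clauses, and the same string is repeated verbatim in the next hunk (the exec_method with `timeout_seconds='1800'`), so the two copies can drift apart without anyone noticing. An XML comment above each `method_credential` would record what the clauses are for, e.g. `<!-- Extended policy: file_write is confined to /tmp/*, full access only under /var/ntp/* and the pid file, /etc/inet/* is read-only; keep identical to the other exec_method. -->`. The `{file_write}:/tmp/*` clause is the broadest write allowance since /tmp is shared and world-writable, so the comment should also name which ntpd operation needs it, which makes it possible to narrow or drop later. The enclosing exec_method element starts before the hunk.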
@@ -88,9 +89,10 @@
     	    timeout_seconds='1800'>
 		<method_context>
 			<method_credential
-			    user='root'
-			    group='root'
-			    privileges='basic,!file_link_any,!proc_info,!proc_session,net_privaddr,proc_lock_memory,sys_time'
+			    user='daemon'
+			    group='daemon'
+			    privileges=
+'basic,!file_link_any,!proc_info,!proc_session,!sys_ib_info,!dax_access,net_privaddr,proc_lock_memory,sys_time,{file_write}:/tmp/*,{zone}:/var/ntp/*,{zone}:/system/volatile/ntp.pid,{file_dac_read,file_dac_search}:/etc/inet/*'
 			/>
 		</method_context>
 	</exec_method>
--- a/components/ntp/ntp.p5m	Mon May 09 19:08:13 2016 -0700
+++ b/components/ntp/ntp.p5m	Mon May 09 19:08:13 2016 -0700
@@ -18,7 +18,7 @@
 #
 # CDDL HEADER END
 #
-# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
 #
 
 <transform file path=usr/share/doc/ntp/(.+$) -> set action.hash html/%<1> >
@@ -292,8 +292,8 @@
 file manpages/ntptrace.8 path=usr/share/man/man8/ntptrace.8 \
     mangler.man.stability=volatile
 file scripts/lib/NTP/Util.pm path=usr/share/ntp/lib/NTP/Util.pm
-dir  path=var/ntp group=sys
-dir  path=var/ntp/ntpstats group=sys
+dir  path=var/ntp owner=daemon group=daemon
+dir  path=var/ntp/ntpstats owner=daemon group=daemon
 legacy pkg=SUNWntpr \
     desc="Network Time Protocol v4, NTP Daemon and Utilities (root)" \
     name="Network Time Protocol Daemon v4 (root)"
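Review bot: Giving var/ntp and var/ntp/ntpstats to the generic `daemon` account (the two `dir` actions) shares ntpd's writable state with every other service on the system that runs as daemon, so any of them could alter what ntpd stores there. If the package can carry its own account, a dedicated one is the usual fix: `dir path=var/ntp owner=ntp group=ntp` with matching `user`/`group` actions and the same names in the SMF `method_credential`. If the shared account is deliberate, say so next to the actions, e.g. `# var/ntp is writable by the daemon account because ntpd runs as daemon (Solaris/ntp.xml)`. No `mode=` is given on either dir, so presumably a default transform supplies it; stating `mode=0755` explicitly would make the intended permissions visible in this hunk.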
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/ntp/patches/75-notroot.patch	Mon May 09 19:08:13 2016 -0700
@@ -0,0 +1,32 @@
+This works around the limitation of requiring root as the user. This has
+been reported to the community as NTP bug 2422 "Allow ntpd to be started as 
+non-root if appropriate POSIX capabilities are set" which although reported
+as Linux specific, is being used to track the Solaris issue as well.
+
+This particular solution is not being passed to the community as a solution
+because it is specific to Solaris and to our specific use of SMF and is not
+really suitable as a general solution.
+
+--- ntpd/ntpd.c
++++ ntpd/ntpd.c
[email protected]@ -620,12 +620,14 @@ ntpdmain(
+ 
+ 	/* MPE lacks the concept of root */
+ # if defined(HAVE_GETUID) && !defined(MPE)
+-	uid = getuid();
+-	if (uid && !HAVE_OPT( SAVECONFIGQUIT )) {
+-		msyslog_term = TRUE;
+-		msyslog(LOG_ERR,
+-			"must be run as root, not uid %ld", (long)uid);
+-		exit(1);
++	if (!getenv("SMF_FMRI")) {
++		uid = getuid();
++		if (uid && !HAVE_OPT( SAVECONFIGQUIT )) {
++			msyslog_term = TRUE;
++			msyslog(LOG_ERR,
++				"must be run as root, not uid %ld", (long)uid);
++			exit(1);
++		}
+ 	}
+ # endif
+
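Review bot: The new `if (!getenv("SMF_FMRI"))` guard lets any invoker skip the root check simply by exporting that variable, so the check is now a fail-fast diagnostic rather than an access control — the real constraint is the method_credential in the SMF manifest, and a non-root ntpd started outside SMF with the variable set will instead fail later at its first privileged operation with a less clear error. That is acceptable, but the patch should say so at the point of the check, e.g. above the getenv: `/* Under SMF the required privileges come from the method_credential (Solaris/ntp.xml), so the uid sanity check is skipped; it is a diagnostic, not an authorization check. */`. `uid` is now assigned only inside the guarded branch; if ntpdmain reads it anywhere later it is uninitialized on the SMF path, which is worth confirming against the full function. ntpdmain starts before and continues after this hunk.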