the main process must chdir to /, since it cannot have daemon() do the

job at startup.  After much anguish I accept dlg's solution of chdir
for the problem ("starting ntpd on a filesystem I want to unmount"),
but we cannot change the main-process daemon() call.  Why?  Because
the ntpd privsep design predates more modern designs where the config
file is parsed once, and configuration marshalled to the fork+exec
children.  Instead each ntpd process re-parses the config, and if
we chdir before fork+exec startup, it will move the basedir causing
-f "relativepath" to fail.
discussed with florian

src/usr.sbin/ntpd/ntpd.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ntpd.c,v 1.116 2018/08/08 22:56:42 deraadt Exp $ */
+/*	$OpenBSD: ntpd.c,v 1.117 2018/08/31 18:45:02 deraadt Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -220,6 +220,9 @@ main(int argc, char *argv[])
 	    pipe_chld) == -1)
 		fatal("socketpair");
 
+	if (chdir("/") == -1)
+		fatal("chdir(\"/\")");
+
 	signal(SIGCHLD, sighdlr);
 
 	/* fork child process */