syslog-ng and iptables logs

Steve Crosby fost at hotmail.com
Thu Feb 17 19:38:17 PST 2005


Robert Connolly <robert at linuxfromscratch.org> wrote in
news:200502172211.16388.robert at linuxfromscratch.org: 

> It should be opening that file as root before it drops.. The config
> seems to be a bit wrong too, its a file not a pipe. Anyway, we are
> thinking of switching back to sysklogd. Syslog-ng will depend on glib
> soon. 
> 

<snip>

Why drop it? we already use libol, which will be replaced by glib instead.

> 
> On February 17, 2005 09:46 pm, T_B wrote:

<sniop>

>> After a bit of googling, I found that this occurs because
>> pipe("/proc/kmsg") appears as a listed source in /etc/syslog-ng.conf,
>> /proc/kmsg has
>> permissions 400 and is owned by root. Therefore, read access to it
>> when syslog-ng is running as user syslog is not permitted.
>>

As Robert pointed out, the sources are opened as root, before permissions 
are dropped. Note this means you can't HUP syslog-ng, since the HUP does 
not re-aquire root priveleges. You can work around this by creating all the 
normal chroot symlinks (although symlinking /proc into a chroot is not 
recommended ;)

The probable reason for the failure is that the pipe() directive actually 
opens  as read\write - using file() instead (as Robert pointed out) should 
work okay (will test myelf in a few hours).

-- -
Steve Crosby



More information about the hlfs-dev mailing list