robert at linuxfromscratch.org
Tue May 22 15:26:11 PDT 2007
On Tuesday May 22 2007 11:23:24 am Robert Connolly wrote:
> I ran 'strace -f' on klogd and found another problem, which is discussed
> here: http://www.redhat.com/archives/axp-list/1998-October/msg01043.html
> Notice the date on that link.. this was never fixed upstream.
> klogd tries to use an unimplemented syscall 1024 (resource-limit-max)
> times. Unimplemented syscalls don't return a newline character, and klogd
> doesn't expect that, and it keeps trying.
My mistake. When I saw 1021 failed attempts to close non-existent file
descriptors, I thought it was a bug, but it's not. Klogd loops through every
possible file descriptor, to close them, before forking. It's not very
efficient, or necessary, but it certainly makes sure none remain open.
There's probably a reason for it, so I'll leave it alone.
Klogd can't drop privileges with existing patches... when I try I see klogd
opens /proc/kmsg as root, then chroots and drops to a regular user, but the
kernel won't allow the regular user to read /proc/kmsg. This works on regular
files, like when the syslog user opens /var/log/logfiles, but doesn't seem to
work with /proc files. The same thing happens when trying to change priority
with the kernel syslog call. I'm hoping to find a way to use Linux POSIX
capabilities so klogd can drop to a regular user but keep root privileges
on /proc/kmsg and syslog(2). The permissions on /proc/kmsg are deeper than
filesystem permissions. Making it group readable doesn't have any effect.
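
The capability approach the message hopes for, as an added example that is not part of the original post and is not klogd or HLFS patch code: a root process keeps one capability across the switch to an unprivileged user. The helper names and uid/gid 65534 are assumptions, and the capability to pass is CAP_SYSLOG on kernels that have it (2.6.37 and later) or CAP_SYS_ADMIN on older ones.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: build the two 32-bit words of the v3 capset ABI so
 * that `cap` is the only permitted and effective capability. */
static void only_cap(struct __user_cap_data_struct d[2], int cap)
{
    memset(d, 0, 2 * sizeof d[0]);
    d[cap / 32].permitted = d[cap / 32].effective = 1u << (cap % 32);
}

/* Hypothetical helper: switch from root to uid/gid but keep `cap`.
 * Returns 0 on success, -1 with errno set by the failing call. */
int drop_root_keep_cap(uid_t uid, gid_t gid, int cap)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];

    /* Without this flag, setuid() away from root clears the permitted set. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) return -1;
    if (setgroups(0, NULL) < 0) return -1;   /* drop supplementary groups */
    if (setgid(gid) < 0 || setuid(uid) < 0) return -1;

    /* setuid() cleared the effective set; re-raise just the one capability
     * and discard everything else root had. */
    only_cap(d, cap);
    return (int)syscall(SYS_capset, &h, d);
}

int main(void)
{
    /* 65534 is a constructed example uid/gid, not a value from the post. */
    if (drop_root_keep_cap(65534, 65534, CAP_SYSLOG) < 0) {
        perror("drop_root_keep_cap");
        return 1;
    }
    printf("uid=%d, kernel log capability retained\n", (int)getuid());
    return 0;
}
```

Run as root, the process ends up as the unprivileged uid with only the named capability in its permitted and effective sets; run as a regular user, it fails at setgroups().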