On Mon, Jan 24, 2005 at 10:04:28AM +0100, Balazs Scheidler wrote:
On Sun, 2005-01-23 at 22:03 +0100, Wolfgang Braun wrote:
If you use logrotate/newsyslog to rotate logfiles things will break if you read from 514/udp/tcp or any other privileged sources (like /proc/kmsg on Linux) and send SIGHUP to syslog-ng to restart logfiles. Those resources are no longer available once you dropped privileges and went to jail.
/proc can be mounted inside the jail, so /proc/kmsg can be reopened while inside the jail.
Good point, didn't think of that
A possible solution for /dev/log is to create it inside the jail and make a symbolic link from outside pointing to inside.
There are no problems with opening TCP/UDP sources inside the jail.
Not with the jail itself but I cannot bind 514 when I dropped root privileges.

Thanks for the reply, have to think it over again :)

--
Wolfgang Braun, Dipl.-Inform. (FH) <wolfgang.braun@gmx.de>
gpg-key: 1024D/4B32CE55
gpg-fingerprint: 7F0F DE82 94A5 B476 0E08 4972 AC95 31A3 4B32 CE55
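
Added example, not part of the thread and not syslog-ng code: one way around the SIGHUP problem discussed above is to bind the privileged source once while still root, keep that descriptor for the life of the process, and reopen only the destination file on SIGHUP. The jail directory, uid/gid and log path are hypothetical, and all function names are invented for this sketch.

```c
#define _DEFAULT_SOURCE            /* for chroot() and setgroups() on glibc */
#include <fcntl.h>
#include <grp.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

static volatile sig_atomic_t got_hup;
static void on_hup(int sig) { (void)sig; got_hup = 1; }

/* Bind the UDP source. For a port below 1024 this must run before root is dropped. */
int open_udp_source(unsigned short port) {
    struct sockaddr_in a = {0};                 /* zeroed address == INADDR_ANY */
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    if (fd < 0 || bind(fd, (struct sockaddr *)&a, sizeof a) < 0) {
        if (fd >= 0) close(fd);
        return -1;
    }
    return fd;
}

/* chroot() needs root, so it comes first; groups and gid are dropped before uid. */
int enter_jail(const char *dir, uid_t uid, gid_t gid) {
    if (chroot(dir) < 0 || chdir("/") < 0) return -1;
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0) return -1;
    return 0;
}

/* SIGHUP work: reopen only the destination. On failure keep the old descriptor. */
int reopen_destination(int old_fd, const char *path) {
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT, 0640);
    if (fd < 0) return old_fd;
    if (old_fd >= 0) close(old_fd);
    return fd;
}

int main(void) {
    struct sigaction sa = {0};
    char buf[2048];
    int src = open_udp_source(514), dst;                  /* still root here */
    /* hypothetical jail directory and unprivileged uid/gid */
    if (src < 0 || enter_jail("/var/jail/syslog", 65534, 65534) < 0) { perror("setup"); return 1; }
    dst = reopen_destination(-1, "/log/messages");        /* path as seen inside the jail */
    sa.sa_handler = on_hup; sigaction(SIGHUP, &sa, NULL); /* no SA_RESTART: recv() returns on HUP */
    for (;;) {
        ssize_t n = recv(src, buf, sizeof buf, 0);
        if (got_hup) { got_hup = 0; dst = reopen_destination(dst, "/log/messages"); }
        if (n > 0 && dst >= 0 && write(dst, buf, (size_t)n) < 0) perror("write");
    }
}
```

The log directory inside the jail has to be writable by the unprivileged uid, otherwise the reopen after rotation fails and the process keeps writing to the rotated file.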