"read(4, 0x55ad20, 8192) = -1 EPERM (Operation not permitted)"
This is indicative of access control restrictions. If you consider the file trying to be read ("/proc/kmsg") and its permissions (only readable as root), it makes sense why you are getting permission errors.
Okay, I see that /proc/kmsg was readable only by root. However, I don't seem to be able to get around this. As shown below I can't seem to read /proc/kmsg as user syslogng no matter what permissions I set:

mmiller@xpc1:~$ ls -l /var/local/chroot/syslogng/proc/kmsg
-rwxrwxrwx 1 syslogng syslogng 0 2007-01-03 18:19 /var/local/chroot/syslogng/proc/kmsg
mmiller@xpc1:~$ sudo -u syslogng cat /var/local/chroot/syslogng/proc/kmsg
cat: /var/local/chroot/syslogng/proc/kmsg: Operation not permitted

I realize that this may not strictly be a syslog-ng issue, but how can I use syslog-ng's "-u" option for added security and still get at /proc/kmsg?
/var/log/syslog /var/log/messages /dev/xconsole
File attribute changes are failing due to only being modifiable as root, but being modified as user "syslogng".
Okay, so apparently the process needs CAP_CHOWN privilege so that the 'fchown' call can succeed? I seem to be getting these errors even if the files are already owned by the user that I specify with syslog-ng's "-u" option. Maybe syslog-ng should first check the owner of the files before trying to change the owner? I'm just guessing here. Also, I don't want to go to a lot of effort solely to get a clean 'strace.' I do, though, want to avail myself of all of syslog-ng's abilities, and I want to run as a user other than root.
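
The check suggested in the message above, sketched as an added example (not part of the original thread and not syslog-ng's code): compare the file's current owner with the wanted one and call fchown only when they differ, so a process that has already dropped root makes no failing call on files it owns. The names chown_if_needed and demo_own_file are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum { OWNER_OK = 0, OWNER_CHANGED = 1, OWNER_ERROR = -1 };

/* Hypothetical helper: change ownership of fd only if it is not already
 * uid:gid. (uid_t)-1 / (gid_t)-1 mean "leave unchanged", as for fchown(2).
 * Returns OWNER_OK when no call was needed, OWNER_CHANGED after a
 * successful fchown, OWNER_ERROR (errno set) if fstat or fchown failed. */
int chown_if_needed(int fd, uid_t uid, gid_t gid)
{
    struct stat st;

    if (fstat(fd, &st) != 0)
        return OWNER_ERROR;

    int uid_ok = (uid == (uid_t)-1) || st.st_uid == uid;
    int gid_ok = (gid == (gid_t)-1) || st.st_gid == gid;
    if (uid_ok && gid_ok)
        return OWNER_OK;            /* nothing to do, no privilege needed */

    /* Only ask for the ids that actually differ. */
    if (fchown(fd, uid_ok ? (uid_t)-1 : uid, gid_ok ? (gid_t)-1 : gid) != 0)
        return OWNER_ERROR;         /* e.g. EPERM when running unprivileged */
    return OWNER_CHANGED;
}

/* Constructed demo: a temp file standing in for a log file that the
 * unprivileged user already owns. */
int demo_own_file(void)
{
    char path[] = "/tmp/chown_demo_XXXXXX";
    struct stat st;
    int rc = OWNER_ERROR;
    int fd = mkstemp(path);

    if (fd < 0)
        return OWNER_ERROR;
    if (fstat(fd, &st) == 0)
        rc = chown_if_needed(fd, st.st_uid, st.st_gid);
    close(fd);
    unlink(path);
    return rc;
}

int main(void)
{
    printf("already-owned file: %d\n", demo_own_file());
    return 0;
}
```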