On Thu, Jan 20, 2011 at 06:16:16PM +0100, bugzilla@bugzilla.balabit.com wrote:
--- Comment #7 from Gergely Nagy <algernon@balabit.hu> 2011-01-20 18:16:16 ---
Did some more research, and this is looking to be harder and harder without some kind of version sniffing.
Using a libcap that doesn't know a thing about CAP_SYSLOG, syslog-ng will abort on 'cap_syslog=ep' on startup, regardless of what kernel is running under it (tested with stock Debian Squeeze kernel, 2.6.32+patches, no CAP_SYSLOG; and with 2.6.38-rc1 with CAP_SYSLOG). Using a patched libcap that does know about CAP_SYSLOG will succeed, on both kernels, and even if I try to verify that the process has the flag I just set, it still returns true for both kernels, regardless of whether they do support CAP_SYSLOG or not.
This looks rather hopeless to me, unfortunately.
You didn't clarify the cause of the abort. Perhaps something could be done to prevent the abort from occurring? If not, I suppose you are hosed.

Regarding the success in the patched library, you could figure out it didn't work by getting back an error when you open the syslog device, and then try again with the admin capability set, no?

Matthew.
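The try-then-fall-back approach suggested in the reply above, as an added sketch that is not part of the thread and not syslog-ng code. It assumes `/proc/kmsg` is the log device and that both capabilities are still in the permitted set; `open_klog`, `raise_real`, `open_real` and the `sim_*` stand-ins are hypothetical names, and the simulated kernel is constructed so the logic runs unprivileged.

```c
#define _GNU_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

typedef int (*raise_fn)(int cap); /* 0 on success, -errno on failure */
typedef int (*open_fn)(void);     /* fd on success, -errno on failure */

/* Make `cap` the only one of the two candidates in the effective set.
 * The permitted set is left alone, so the fallback stays possible. */
int raise_real(int cap) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    if (syscall(SYS_capget, &h, d) != 0) return -errno;
    d[CAP_TO_INDEX(CAP_SYSLOG)].effective &= ~CAP_TO_MASK(CAP_SYSLOG);
    d[CAP_TO_INDEX(CAP_SYS_ADMIN)].effective &= ~CAP_TO_MASK(CAP_SYS_ADMIN);
    d[CAP_TO_INDEX(cap)].effective |= CAP_TO_MASK(cap);
    return syscall(SYS_capset, &h, d) == 0 ? 0 : -errno;
}
int open_real(void) {             /* assumed log device: /proc/kmsg */
    int fd = open("/proc/kmsg", O_RDONLY | O_NONBLOCK);
    return fd >= 0 ? fd : -errno;
}

/* Constructed stand-in for a kernel, so the logic can run unprivileged. */
int sim_has_cap_syslog, sim_effective;
int sim_raise(int cap) { sim_effective = cap; return 0; } /* set "succeeds" on both */
int sim_open(void) {
    int need = sim_has_cap_syslog ? CAP_SYSLOG : CAP_SYS_ADMIN;
    return sim_effective == need ? 3 : -EPERM;
}

/* Returns fd or -errno; *used is the capability that actually worked. */
int open_klog(raise_fn raise_cap, open_fn open_log, int *used) {
    const int order[] = { CAP_SYSLOG, CAP_SYS_ADMIN };
    int rc = -EPERM;
    for (int i = 0; i < 2; i++) {
        if ((rc = raise_cap(order[i])) < 0) continue; /* refused, try the next one */
        if ((rc = open_log()) >= 0) { *used = order[i]; return rc; }
        if (rc != -EPERM && rc != -EACCES) break;     /* not a privilege failure */
    }
    return rc;
}

int main(void) {
    int used = -1, fd = open_klog(raise_real, open_real, &used);
    printf("real: rc=%d cap=%d\n", fd, used);
    if (fd >= 0) close(fd);
    return 0;
}
```

Once the open succeeds, the capability that was not needed can be dropped from the permitted set as well; the drop has to wait until then because a capability removed from the permitted set cannot be raised again.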