On Thu, 29 Nov 2007 11:14:12 +0100, Balazs Scheidler said:
I think this is not a permission problem. syslog-ng opens the device once, and then it is kept opened. Permissions checking is usually applied at open time and not any later.
Note that on a Linux box that uses SELinux, it *is* possible for a file to be opened sucessfully, but later on a security context change on the file causes subsequent read/write activity to fail. Before login: % ls -lZ /dev/tty1 crw------- root root system_u:object_r:tty_device_t:s0 /dev/tty1 After login: % ls -lZ /dev/tty1 crw------- valdis tty staff_u:object_r:staff_tty_device_t:s0 /dev/tty1 (This is with SELinux and the MLS stuff in place). My best guess as to what's nuking things - flush_unauthorized_files() in security/hooks.c in the kernel.