On Fri, 2007-02-09 at 03:01 +0000, Bryan Henderson wrote:
Here's a patch that adds an option to the UDP source to specify the file descriptor of an already bound UDP socket, in lieu of having syslog-ng create and bind the socket.
This makes it possible to run syslog-ng without the privilege required to bind to reserved UDP port numbers (such as the standard syslog port number). I exec syslog-ng with no privileges at all, except write permission to the log files.
Aside from the config file processing, all the patch does is skip the call to afsocket_open_socket() if the user supplied a file descriptor, and move the settings of the nonblock and close-on-exec options from afsocket_open_socket() to afsocket_setup_socket().
I am somewhat reluctant to include such a patch, so you need external tools to actually set the fd up, and it does not handle reloads. I would rather use some kind of dynamic capability management. (e.g. a minimal set of syslog-ng would run as root, while the actual message processing would happen in a restricted part. (e.g. have a parent with root privileges, and fork/drop privileges after configuration init was successful) This way it would be possible to reload the configuration: HUP the parent, kill/refork the child. (not to mention that chroot might also work then) -- Bazsi