https://bugzilla.balabit.com/show_bug.cgi?id=108 --- Comment #25 from Matthias Runge <mrunge@fedoraproject.org> 2011-07-08 12:40:47 --- (In reply to comment #24)
There's something broken on Fedora, I believe. Including <sys/capability.h> results in CAP_SYSLOG being defined, the kernel knows it too, so g_process_check_cap_syslog() will return TRUE, and we assume that libcap knows about the capability aswell (since sys/capability.h belongs to libcap-devel).
But it doesn't. Fedora seems to have libcap 2.17, while CAP_SYSLOG was introduced in 2.20. And there's a discrepancy between the headers (which suggest CAP_SYSLOG is supported) and libcap. I can modify the patch to fall back to cap_sys_admin=ep in case libcap does not support cap_syslog, but then we'd get the kernel warning again.
Yeah, I've just found fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=689752 (about libcap version 2.20 released)
The proper course of action would be to fix Fedora: either by upgrading libcap, or fixing the headers to not define CAP_SYSLOG (but then we're back to kernel warnings...).
In any case, in an up-to-date environment, where both the kernel and libcap support cap_syslog, my backport works. But if libcap doesn't support it, there's nothing syslog-ng can do.
I understand. Thank you. -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.