[pid 14144] bind(4, {sin_family=AF_UNIX, path=" /dev/log"}, 110) = -1 EPERM (Operation not permitted)
(Apr 12 19:02:24 db rsbac_adf_request_rc(): rsbac_get_attr() returned error -1017! Apr 12 19:02:24 db rsbac_adf_request(): request READ_WRITE_OPEN, caller_pid 15361, caller_prog_name syslog-ng, caller_uid 0, target-type IPC, tid ???-ID 134521299, attr sockaddr, value 3437575888, result NOT_GRANTED by RC)
Two problems: why has the bind command 110 bytes path attribute, why not only "/dev/log".
Thanks for the report. I now applied a fix for the CVS which calculates the runtime length of the required sockaddr_un structure instead of simply passing sizeof(struct sockaddr_un), for those interested here's the patch. It should be applied to the libol source tree. Index: io.c =================================================================== RCS file: /var/cvs/libol/src/io.c,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 @@ -927,7 +929,7 @@ } unlink(un.sun_path); errno = 0; - if (bind(fd, (struct sockaddr *) &un, sizeof(struct sockaddr_un)) == -1) { + if (bind(fd, (struct sockaddr *) &un, sizeof(un) - sizeof(un.sun_path) + strlen(un.sun_path) + 1) == -1) { werror("io.c: bind_unix_socket(): bind failed %z (%z)\n", un.sun_path, strerror(errno)); return 0; -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1