On Tue, 02 Aug 2005 15:28:01 PDT, Arnold Wang said:
> I'm running syslog-ng in chroot mode, followed the instructions in http://www.campin.net/syslog-ng/chroot-jail.html. I also enabled DNS lookup so I can show the Cisco routers in their friendly names instead of IPs. The DNS lookup works fine until I enabled chroot mode. I copied "nsswitch.conf" and "resolv.conf" files into $CHROOTDIR/etc as well, just in case.

You'll also need any shared libs your syslog-ng binary needs (use ldd to find them), and probably stuff in $CHROOT/dev as well (dev/null and dev/zero come to mind). I'm probably missing something here - 'strace -f chroot $CHROOT bin/syslog-ng' will show you if you're missing anything else...

> BTW, the host is RHEL4 and I set SELinux to "permissive".

'permissive' will probably throw a whole lot of AVC messages unless you label the contexts for the files in the chroot tree (fortunately, there's hopefully not a lot, so hand-labelling is probably feasible). Sorry, the inability to use 'restorecon' to label a chroot tree is a known deficiency in the current tools... Fortunately, in permissive mode, each avc message is only printed once, so you'll get spammed with a bunch of messages at startup (and probably one/two more logmsgs for each logfile it opens).

> Will my configuration work? If so, what should I check? Thanks in advance for help.

Shared libs.. /dev entries. The strace command I gave should help find other stuff that's missing. Good luck. ;)
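
The checks suggested in this thread (shared libs via ldd, the /dev entries, the resolver files) can be scripted; the following is an added example, not part of the original messages, and its function names are hypothetical. It also checks for the glibc NSS modules named on the `hosts:` line of the chroot's nsswitch.conf, which glibc loads at lookup time and which ldd therefore does not list. It assumes libraries sit at the same path inside the chroot as on the host.

```shell
#!/bin/sh
# Added example: audit a chroot tree before starting syslog-ng inside it.
# Function names are hypothetical. Usage: sh audit.sh "$CHROOT" /path/to/syslog-ng

# Print the absolute library paths found in ldd output read on stdin.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
}

# Print each path read on stdin that does not exist under the chroot in $1.
missing_in_chroot() {
    while IFS= read -r p; do
        [ -e "$1$p" ] || echo "$p"
    done
}

# Print the services on the "hosts:" line of the chroot's nsswitch.conf.
nss_host_services() {
    awk '{ sub(/#.*/, "") }
         $1 == "hosts:" { for (i = 2; i <= NF; i++) if ($i !~ /^\[/) print $i }' \
        "$1/etc/nsswitch.conf" 2>/dev/null
}

# glibc dlopen()s libnss_<service>.so.2 at lookup time, so ldd never lists
# these modules; print the ones that exist nowhere under the chroot in $1.
missing_nss_modules() {
    for s in $(nss_host_services "$1"); do
        find "$1" -name "libnss_$s.so.2" 2>/dev/null | grep -q . ||
            echo "libnss_$s.so.2"
    done
}

# Run every check; print one line per missing item and return 1 if any.
audit_chroot() {
    rc=0
    for p in $(ldd "$2" | ldd_paths | missing_in_chroot "$1"); do
        echo "missing shared lib: $p"; rc=1
    done
    for f in /dev/null /dev/zero /etc/resolv.conf /etc/nsswitch.conf; do
        [ -e "$1$f" ] || { echo "missing file: $f"; rc=1; }
    done
    for m in $(missing_nss_modules "$1"); do
        echo "missing NSS module: $m"; rc=1
    done
    return $rc
}

if [ $# -eq 2 ]; then audit_chroot "$1" "$2"; fi
```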