-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Valdis.Kletnieks@vt.edu skrev:
On Thu, 29 Nov 2007 11:14:12 +0100, Balazs Scheidler said:
I think this is not a permission problem. syslog-ng opens the device once, and then it is kept opened. Permissions checking is usually applied at open time and not any later.
Note that on a Linux box that uses SELinux, it *is* possible for a file to be opened sucessfully, but later on a security context change on the file causes subsequent read/write activity to fail.
Before login:
% ls -lZ /dev/tty1 crw------- root root system_u:object_r:tty_device_t:s0 /dev/tty1
After login:
% ls -lZ /dev/tty1 crw------- valdis tty staff_u:object_r:staff_tty_device_t:s0 /dev/tty1
(This is with SELinux and the MLS stuff in place).
My best guess as to what's nuking things - flush_unauthorized_files() in security/hooks.c in the kernel.
This is Suse Enterprise Linux 10 (tailored for Ericsson PBX), and there you have not SELinux, but AppArmor. That might provide the same mechanism and be the culprit. Also explains why the behaviour does not seem obvious to someonw who knows the syslog-ng codebase. Thanks! I have yet to test, but my proposed solution before your reply was to create a fifo, have sylog-ng log there and use 'cat' as root to push it to /dev/ttyS0. I will now look into AppArmor policies. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHTybUsJJnSzEQqpgRAj7hAJ9epoAeL7FEQQ29+0QTgfvZg4IBtwCeNfQg POGQStbuZAThO8hzq6jMmC4= =pefK -----END PGP SIGNATURE-----