syslog-ng problem description(again)
So the exact problem was the following, who missed it:

syslog-ng doesn't start if a unix socket source exists in the config file
( source src { unix-stream("/dev/log"); internal(); file("/proc/kmsg"); }; )

strace:
[pid 14144] unlink("/dev/log") = -1 ENOENT (No such file or directory)
[pid 14144] bind(4, {sin_family=AF_UNIX, path=" /dev/log"}, 110) = -1 EPERM (Operation not permitted)

(Apr 12 19:02:24 db rsbac_adf_request_rc(): rsbac_get_attr() returned error -1017!
Apr 12 19:02:24 db rsbac_adf_request(): request READ_WRITE_OPEN, caller_pid 15361, caller_prog_name syslog-ng, caller_uid 0, target-type IPC, tid ???-ID 134521299, attr sockaddr, value 3437575888, result NOT_GRANTED by RC)

Two problems: why has the bind command 110 bytes path attribute, why not only "/dev/log".
But: However why does rsbac stop at such ipc requests.

workaround: delete unix-stream from the syslog-ng config file.

problem on: 2.4.3+rsbac 1.2.1 pre 1 , 1.1.1, no problem on emergency kernel (I'm not really sure cause at one boot it said there is some problem but after that it worked)
with: syslog-ng (potato,unstable) in debian, and syslog-ng 1.4.11 and 1.5.5a from source

boldi
> [pid 14144] bind(4, {sin_family=AF_UNIX, path=" /dev/log"}, 110) = -1 EPERM (Operation not permitted)
> (Apr 12 19:02:24 db rsbac_adf_request_rc(): rsbac_get_attr() returned error -1017! Apr 12 19:02:24 db rsbac_adf_request(): request READ_WRITE_OPEN, caller_pid 15361, caller_prog_name syslog-ng, caller_uid 0, target-type IPC, tid ???-ID 134521299, attr sockaddr, value 3437575888, result NOT_GRANTED by RC)
> Two problems: why has the bind command 110 bytes path attribute, why not only "/dev/log".
Thanks for the report. I now applied a fix for the CVS which calculates the runtime length of the required sockaddr_un structure instead of simply passing sizeof(struct sockaddr_un), for those interested here's the patch. It should be applied to the libol source tree. Index: io.c =================================================================== RCS file: /var/cvs/libol/src/io.c,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 @@ -927,7 +929,7 @@ } unlink(un.sun_path); errno = 0; - if (bind(fd, (struct sockaddr *) &un, sizeof(struct sockaddr_un)) == -1) { + if (bind(fd, (struct sockaddr *) &un, sizeof(un) - sizeof(un.sun_path) + strlen(un.sun_path) + 1) == -1) { werror("io.c: bind_unix_socket(): bind failed %z (%z)\n", un.sun_path, strerror(errno)); return 0; -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
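Review bot: In the changed bind() call, the length sizeof(un) - sizeof(un.sun_path) + strlen(un.sun_path) + 1 is only correct if sun_path is the last member of struct sockaddr_un with no trailing padding and if un.sun_path is NUL-terminated inside the array; the visible context establishes neither. I would write the header size as offsetof(struct sockaddr_un, sun_path), which states the intent directly, and confirm that the code filling un.sun_path above this hunk rejects over-long paths so that strlen() and the unlink() just before it cannot read past the structure.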
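As an added example (not code from libol or from either poster), the C sketch below computes the address length discussed above with offsetof() and refuses paths that do not fit in sun_path, then binds with exactly that length. The function names unix_addr_init and bind_unix_stream are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Fill *un for a pathname socket and return the length to hand to bind():
 * bytes before sun_path + path + terminating NUL.
 * Returns 0 if the path is empty or does not fit (never truncates). */
socklen_t unix_addr_init(struct sockaddr_un *un, const char *path)
{
    size_t n = strlen(path);

    if (n == 0 || n >= sizeof(un->sun_path))
        return 0;
    memset(un, 0, sizeof(*un));
    un->sun_family = AF_UNIX;
    memcpy(un->sun_path, path, n + 1);      /* copy includes the NUL */
    return (socklen_t)(offsetof(struct sockaddr_un, sun_path) + n + 1);
}

/* Create a stream socket bound to path, passing only the bytes in use.
 * Returns the descriptor, or -1 on any failure. */
int bind_unix_stream(const char *path)
{
    struct sockaddr_un un;
    socklen_t len = unix_addr_init(&un, path);
    int fd;

    if (len == 0)
        return -1;
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd == -1)
        return -1;
    unlink(un.sun_path);                    /* drop a stale socket file */
    if (bind(fd, (struct sockaddr *)&un, len) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    struct sockaddr_un un;
    socklen_t len = unix_addr_init(&un, "/dev/log");
    printf("sizeof(struct sockaddr_un) = %zu, length for \"/dev/log\" = %u\n",
           sizeof(un), (unsigned)len);
    return 0;
}
```

On Linux the first number printed is 110, the value seen in the strace output, while the second covers only the family field, the path and its NUL.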
with a patched libol, now my 1.5.X is o.k. with rsbac, thanks!
(btw if I patched libol-0.2.22 by hand (just changing the lines), i had to touch -r with an original-date io.c before make)

thanks,
boldi
On Fri, Apr 13, 2001 at 05:43:20PM +0200, Bencsath Boldizsar wrote:
> with a patched libol, now my 1.5.X is o.k. with rsbac, thanks!
> (btw if I patched libol-0.2.22 by hand (just changing the lines), i had to touch -r with an original-date io.c before make)
or touch io.c.x to make it older than io.c, or install scsh to be able to regenerate it. (it's not really needed in this case, the class definitions didn't change)

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
participants (2): Balazs Scheidler, Bencsath Boldizsar