Hi, I am having high memory usage with v3.23, as suggested in some tickets, I am trying to switch to jemalloc to see if there is any improvement. However I cannot use LD_PRELOAD as I am running syslogng as a standard user (setuid + setcap to bind to a port <1024). I can easily get rid of the setuid part, however I do not see how to get rid of the setcap beside using an ugly iptables trick. Or any solution for those : 1/ Syslogng runned as root (for port binding) then dropping to standard user ? 2/ Get LD_PRELOAD to work with setcap binaries ? 3/ build syslogng (link?) against jemalloc ? 4/ Manage to have ld.preload limited to an user or binary ? Thanks for your help -- Jean-Baptiste Fuzier
I found a way for 1/ which solves the problem. It is needed to have cap support in syslogng (--enable-caps), then --user tells syslogng to switch to this user and --caps cap_net_bind_service=ep allows syslogng to bind to priviledge ports despite being not root. LD_PRELOAD="/xxx/libjemalloc.so.2" works fine this way, as the binary is neither setuid nor has any capabilities set. -- Jean-Baptiste Fuzier
participants (1)
-
Jean-Baptiste Fuzier