[syslog-ng] replacing Linux klogd by a chrooted syslog-ng running as a non root user
Guillaume LACHENAL
glachenal@on-x.com
Thu, 7 Nov 2002 16:31:45 +0100
Balazs Scheidler wrote :
> On Thu, Nov 07, 2002 at 03:10:50PM +0100, Guillaume LACHENAL wrote:
> > Is it for the same reasons that I have (almost) every time to send
> > SIGTERM *twice* for syslog-ng to terminate ?
>
> it was a bug, and should have been fixed in latest 1.5.x release.
OK. I'll upgrade when the best of syslog-ng will be configured quite fine
on the box ;-)
> > > then instead of using syslog-ng's own chroot feature, use the chroot
> >
> > Are you sure a chrooted process can follow symlinks outside the jail ?
>
> it's not the chrooted process which accesses the symlink, the programs
> running outside are accessing a file _in_ the chroot. (symlink in
> /dev/log pointing to /chroot/dev/log)
Could you please explain? It works as you say with ntpd chrooted on my
box.
But, after 'chroot /chroot /sbin/ntpd' the running ntpd only sees what's
under '/chroot/'. How does it work when ntpd attempts to log something?
(to /chroot/dev/log)
> I remember, libc itself shouldn't be needed. ldd shows what syslog-ng is
> linked to, but if it started outside, it will link to /lib/libc.so.6,
> and _then_ chroot itself -> no need for libc in the jail itself.
>
> the others libresolv etc. are loaded after the chroot() call, so they
> must be present in the jail as well.
>
> try rm-ing the libc inside the jail (and only libc the others might be
> needed), and start syslog-ng, it _should_ work.
Yes, it works
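
An added illustration, not part of the original message or of syslog-ng: the /dev/log -> /chroot/dev/log symlink arrangement discussed above, reproduced unprivileged with constructed temporary paths ("jail" stands in for /chroot, "log" for /dev/log). It shows that the sending process, not the daemon, resolves the symlink; no chroot() call is made, and the function name is hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Returns 0 if a datagram sent to the symlink arrives on the socket bound
 * inside the jail directory, -1 on any failure. All paths are constructed
 * under a fresh temporary directory and removed afterwards. */
int log_via_symlink(const char *msg, char *out, size_t outlen)
{
    char base[] = "/tmp/jaildemoXXXXXX";
    char dir[64], target[64], lnk[64];
    struct sockaddr_un srv = { .sun_family = AF_UNIX };
    struct sockaddr_un dst = { .sun_family = AF_UNIX };
    int rc = -1, s = -1, c = -1;
    ssize_t n;

    if (!mkdtemp(base)) return -1;
    snprintf(dir, sizeof dir, "%s/jail", base);
    snprintf(target, sizeof target, "%s/jail/log", base);
    snprintf(lnk, sizeof lnk, "%s/log", base);
    if (mkdir(dir, 0700) != 0) goto done;
    /* Daemon side: the log socket is bound inside the jail tree. */
    s = socket(AF_UNIX, SOCK_DGRAM, 0);
    strncpy(srv.sun_path, target, sizeof srv.sun_path - 1);
    if (s < 0 || bind(s, (struct sockaddr *)&srv, sizeof srv) != 0) goto done;
    /* Admin side: a symlink outside the jail points at that socket. */
    if (symlink(target, lnk) != 0) goto done;
    /* Client side: the kernel follows the symlink in the sender's view of
     * the filesystem, so the daemon never has to look outside its jail. */
    c = socket(AF_UNIX, SOCK_DGRAM, 0);
    strncpy(dst.sun_path, lnk, sizeof dst.sun_path - 1);
    if (c < 0 || sendto(c, msg, strlen(msg), 0,
                        (struct sockaddr *)&dst, sizeof dst) < 0) goto done;
    n = recv(s, out, outlen - 1, 0);
    if (n >= 0) { out[n] = '\0'; rc = 0; }
done:
    if (s >= 0) close(s);
    if (c >= 0) close(c);
    unlink(lnk); unlink(target); rmdir(dir); rmdir(base);
    return rc;
}

int main(void)
{
    char buf[64];
    if (log_via_symlink("<13>demo: hello", buf, sizeof buf) == 0) puts(buf);
    return 0;
}
```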