[syslog-ng] replacing Linux klogd by a chrooted syslog-ng running as a non-root user

Balazs Scheidler bazsi@balabit.hu
Thu, 7 Nov 2002 17:37:26 +0100


On Thu, Nov 07, 2002 at 04:31:45PM +0100, Guillaume LACHENAL wrote:
> Balazs Scheidler wrote:

> Could you please explain? It works as you say with ntpd chrooted on my
> box.
> But after 'chroot /chroot /sbin/ntpd' the running ntpd only sees what's
> under '/chroot/'. How does it work when ntpd attempts to log something?
> (to /chroot/dev/log)

here's the scenario:
- syslog-ng chrooted, using /dev/log _inside_ the jail
- applications outside cannot send log messages, as their /dev/log is not 
  opened (as syslog-ng only opened /dev/log _in_ the jail)
- symlink in the outside system from /dev/log to /chroot/syslog-ng/dev/log

any program not within any jail can happily send log messages, and you can
reload syslog-ng.

it might not be completely applicable to your case, but might be useful if
somebody wants to run syslog-ng in a jail, and still be able to send log
messages from the system.

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
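
The scenario described in the message above, reproduced in a throwaway directory as an added example (not part of the original post and not syslog-ng code). It assumes a datagram socket for the log device and models a reload as unlink plus rebind of the socket inside the jail; all paths below the temporary root are constructed stand-ins for /dev/log and /chroot/syslog-ng/dev/log.

```python
import os
import shutil
import socket
import tempfile

def jail_listener(path):
    """Bind the log socket inside the jail, replacing any stale socket file."""
    if os.path.lexists(path):
        os.unlink(path)  # assumption: a reload recreates the socket file
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    srv.bind(path)
    srv.settimeout(2)
    return srv

def send_via(path, msg):
    """A program outside the jail writing to its own view of /dev/log."""
    c = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        c.connect(path)  # path resolution follows the symlink into the jail
        c.send(msg)
    finally:
        c.close()

def demo():
    # Short root on purpose: AF_UNIX socket paths are limited to about 108 bytes.
    root = tempfile.mkdtemp(dir="/tmp")
    try:
        jail_log = os.path.join(root, "chroot", "syslog-ng", "dev", "log")
        host_log = os.path.join(root, "dev", "log")
        os.makedirs(os.path.dirname(jail_log))
        os.makedirs(os.path.dirname(host_log))
        os.symlink(jail_log, host_log)  # outside /dev/log -> socket in the jail
        received = []
        srv = jail_listener(jail_log)
        send_via(host_log, b"<13>before reload")  # constructed sample message
        received.append(srv.recv(1024))
        srv.close()
        srv = jail_listener(jail_log)  # reload: new socket inode, same path
        send_via(host_log, b"<13>after reload")
        received.append(srv.recv(1024))
        srv.close()
        return received, os.path.islink(host_log)
    finally:
        shutil.rmtree(root)

if __name__ == "__main__":
    print(demo())
```

The symlink stores a path, not an inode, so it keeps working after the socket file inside the jail is replaced; a hard link or bind to the old socket would not.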