[syslog-ng]Jailing syslog-ng on OpenBSD 3.5

syslog-ng@lists.balabit.hu syslog-ng@lists.balabit.hu
Mon, 26 Jul 2004 13:43:29 +0100


Hello.

I'm having difficulty jailing syslog-ng under OpenBSD 3.5.

My exact steps so far (after having added group _syslogng and user
_syslogng):

# mkdir -p /jail/sysng
# mkdir -p /jail/sysng/usr/local/sbin
# mkdir -p /jail/sysng/usr/lib
# mkdir -p /jail/sysng/usr/libexec
# mkdir -p /jail/sysng/dev
# mkdir -p /jail/sysng/var/log
# mkdir -p /jail/sysng/etc/syslog-ng

# cp /usr/local/sbin/syslog-ng /jail/sysng/usr/local/sbin
# cp /usr/lib/libc.so.30.3 /jail/sysng/usr/lib
# cp /usr/libexec/ld.so /jail/sysng/usr/libexec
# cp /etc/syslog-ng/syslog-ng.conf /jail/sysng/etc/syslog-ng/

# chown -R _syslogng._syslogng /jail/sysng
# ln /dev/log /jail/sysng/dev/log

I should explain that I installed syslog-ng from a package, as I have no
access to a compiler on this machine (and my other machine is currently
in pieces being repaired) - therefore I just moved the binaries into
the jail.

Running the command:

# chroot -g _syslogng -u _syslogng /jail/sysng /usr/local/sbin/syslog-ng

Does not give any errors, and log files are indeed created in
/jail/var/log (as per the configuration file) - HOWEVER, nothing on
the system is actually logged. Syslog-ng logs its own 'birth and death'
but does not, for example, log mail or even the reboot command.

Is there some glaring error here? The debugging output from syslog-ng
gives no errors either, I'm lost as to where to go next to track down
the problem.

mark

ps: I excluded my config as it's pretty much the stock sample config
with uccp and ppp removed. If this is relevant, I will attach it to my
next email.