[syslog-ng] help on DNS issue when running syslog-ng chrooted
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Wed Aug 3 05:15:57 CEST 2005
On Tue, 02 Aug 2005 15:28:01 PDT, Arnold Wang said:
> I'm running syslog-ng in chroot mode, followed the instructions in
> http://www.campin.net/syslog-ng/chroot-jail.html. I also enabled DNS
> lookup so I can show the Cisco routers in their friendly names instead
> of IPs. The DNS lookup works fine until I enabled chroot mode. I copied
> "nsswitch.conf" and "resolv.conf" files into $CHROOTDIR/etc as well,
> just in case.
You'll also need any shared libs your syslog-ng binary needs (use ldd to find them),
and probably stuff in $CHROOT/dev as well (dev/null and dev/zero come to mind).
I'm probably missing something here - 'strace -f chroot $CHROOT bin/syslog-ng' will
show you if you're missing anything else...
> BTW, the host is RHEL4 and I set SELinux to "permissive".
'permissive' will probably throw a whole lot of AVC messages unless you label
the contexts for the files in the chroot tree (fortunately, there's hopefully
not a lot, so hand-labelling is probably feasible). Sorry, the inability to
use 'restorecon' to label a chroot tree is a known deficiency in the current
tools...
Fortunately, in permissive mode, each avc message is only printed once, so you'll
get spammed with a bunch of messages at startup (and probably one/two more logmsgs
for each logfile it opens).
> Will my configuration work? If so, what should I check? Thanks in
> advance for help.
Shared libs.. /dev entries. The strace command I gave should help find
other stuff that's missing. Good luck. ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20050802/96b39521/attachment.pgp
More information about the syslog-ng
mailing list