[syslog-ng]FAQ-seeding: chroot jail procedure for Syslog-ng
Wolfgang Braun
syslog-ng@lists.balabit.hu
Mon, 24 Jan 2005 11:19:04 +0100
On Mon, Jan 24, 2005 at 10:04:28AM +0100, Balazs Scheidler wrote:
> On Sun, 2005-01-23 at 22:03 +0100, Wolfgang Braun wrote:
> >
> > If you use logrotate/newsyslog to rotate logfiles things will break if
> > you read from 514/udp/tcp or any other privileged sources (like
> > /proc/kmsg on Linux) and send SIGHUP to syslog-ng to restart logfiles.
> > Those resources are no longer available once you dropped privileges and
> > went to jail.
>
> /proc can be mounted inside the jail, so /proc/kmsg can be reopened
> while inside the jail.
Good point, didn't think of that.
> A possible solution for /dev/log is to create it inside the jail and
> make a symbolic link from outside pointing to inside.
>
> There are no problems with opening TCP/UDP sources inside the jail.
Not with the jail itself, but I cannot bind 514 when I have dropped root
privileges.
Thanks for the reply, have to think it over again :)
--
Wolfgang Braun, Dipl.-Inform. (FH)
<wolfgang.braun@gmx.de>
gpg-key: 1024D/4B32CE55
gpg-fingerprint: 7F0F DE82 94A5 B476 0E08 4972 AC95 31A3 4B32 CE55
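The ordering problem discussed in this thread (privileged sockets such as 514/udp can only be bound while still root, and are gone once the daemon has dropped privileges and entered the jail) comes down to doing things in the right sequence: bind first, then chroot, then drop root, and keep the bound descriptors across a SIGHUP reload instead of trying to bind again. The program below is an added illustration written for this archive page; it is not syslog-ng's own code and the helper names (`bind_udp_listener`, `enter_jail_and_drop`, `privileges_irrevocable`), the jail path and the uid/gid values are assumptions chosen for the example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical helper: bind a UDP listener on addr:port and return the fd.
 * For a privileged port such as 514 this must run while the process is
 * still root. The fd stays valid after chroot() and setuid(), so a later
 * SIGHUP reload has to reuse it rather than bind a fresh socket. */
int bind_udp_listener(const char *addr, unsigned short port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, addr, &sa.sin_addr) != 1) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Hypothetical helper: enter the jail and drop root in the order that
 * matters. chdir("/") follows chroot() so the working directory does not
 * point outside the jail; setgroups() comes before setgid()/setuid()
 * because supplementary groups can only be cleared while still root.
 * Returns 0 on success, -1 with errno set at the first failing step. */
int enter_jail_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    if (chroot(jail) < 0)
        return -1;
    if (chdir("/") < 0)
        return -1;
    if (setgroups(0, NULL) < 0)
        return -1;
    if (setgid(gid) < 0)
        return -1;
    if (setuid(uid) < 0)
        return -1;
    return 0;
}

/* Returns 1 when the process is unprivileged and cannot regain uid 0
 * (setuid(0) is refused with EPERM), 0 otherwise. */
int privileges_irrevocable(void)
{
    if (getuid() == 0 || geteuid() == 0)
        return 0;
    return (setuid(0) < 0 && errno == EPERM) ? 1 : 0;
}

int main(void)
{
    /* Constructed example values: the syslog port from the thread plus a
     * placeholder jail path and placeholder unprivileged ids. */
    const char *jail = "/var/jail/syslog-ng"; /* placeholder path */
    uid_t uid = 65534;                         /* placeholder: nobody */
    gid_t gid = 65534;

    int fd = bind_udp_listener("0.0.0.0", 514);
    if (fd < 0) {
        fprintf(stderr, "bind 514/udp failed (%s); bind while still root\n",
                strerror(errno));
        return 1;
    }
    if (enter_jail_and_drop(jail, uid, gid) < 0) {
        fprintf(stderr, "jail/privilege drop failed: %s\n", strerror(errno));
        return 1;
    }
    printf("fd %d kept across chroot+setuid; root regainable: %s\n",
           fd, privileges_irrevocable() ? "no" : "yes");
    /* Calling bind_udp_listener("0.0.0.0", 514) again here would fail:
     * the port is privileged and the process no longer is. */
    return 0;
}
```

Run as root the program binds 514/udp, enters the jail and drops to the placeholder uid; run unprivileged it stops at the first bind, which is exactly the failure the thread describes. The same ordering applies to /proc/kmsg or any other file that must be opened with root privileges: open it before the drop and hand the descriptor to the reload path.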