[syslog-ng]FAQ-seeding: chroot jail procedure for Syslog-ng

Wolfgang Braun syslog-ng@lists.balabit.hu
Mon, 24 Jan 2005 11:19:04 +0100


On Mon, Jan 24, 2005 at 10:04:28AM +0100, Balazs Scheidler wrote:
> On Sun, 2005-01-23 at 22:03 +0100, Wolfgang Braun wrote:
> > 
> > If you use logrotate/newsyslog to rotate logfiles things will break if
> > you read from 514/udp/tcp or any other privileged sources (like
> > /proc/kmsg on Linux) and send SIGHUP to syslog-ng to restart logfiles.
> > Those resources are no longer available once you dropped privileges and
> > went to jail.
> 
> /proc can be mounted inside the jail, so /proc/kmsg can be reopened
> while inside the jail.

Good point, didn't think of that 
 
> A possible solution for /dev/log is to create it inside the jail and
> make a symbolic link from outside pointing to inside.
> 
> There are no problems with opening TCP/UDP sources inside the jail.

Not with the jail itself but I cannot bind 514 when I dropped root
privileges.

Thanks for the reply, have to think it over again :)

-- 
Wolfgang Braun, Dipl.-Inform. (FH)
<wolfgang.braun@gmx.de>
gpg-key:  1024D/4B32CE55 
gpg-fingerprint: 7F0F DE82 94A5 B476 0E08  4972 AC95 31A3 4B32 CE55
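
Added example (not part of the original message and not syslog-ng's own code): a preflight check to run before sending SIGHUP to a chrooted syslog-ng, covering the three points raised in this thread. The function name check_jail, its arguments and the paths in the usage comment are assumptions; the port check assumes nothing such as CAP_NET_BIND_SERVICE lets a non-root process bind ports below 1024, and the symlink check assumes an absolute link target.

```shell
#!/bin/sh
# check_jail JAIL DEVLOG_LINK RUN_UID PORT
# Prints one line per problem that would break reopening sources after
# SIGHUP and returns the number of problems found (0 = reload looks safe).
# Hypothetical usage: check_jail /var/jail/syslog-ng /dev/log 0 514
check_jail() {
    jail=$1 devlog=$2 run_uid=$3 port=$4
    problems=0

    # Canonical jail path, so the symlink comparison is not fooled by
    # symlinked parent directories.
    jail_real=$(cd "$jail" 2>/dev/null && pwd -P) || {
        echo "jail directory missing: $jail"
        return 1
    }

    # 1. /proc must be mounted inside the jail, otherwise /proc/kmsg
    #    cannot be reopened from within it.
    if [ ! -e "$jail_real/proc/kmsg" ]; then
        echo "proc/kmsg is not visible inside $jail_real"
        problems=$((problems + 1))
    fi

    # 2. The /dev/log that local programs use must be a symlink pointing
    #    to the socket path inside the jail. The socket itself is created
    #    by syslog-ng, so only the link target is checked here.
    if [ -L "$devlog" ]; then
        target=$(readlink "$devlog")
        case $target in
            "$jail_real"/*) ;;
            *)  echo "$devlog points outside the jail: $target"
                problems=$((problems + 1)) ;;
        esac
    else
        echo "$devlog is not a symlink into the jail"
        problems=$((problems + 1))
    fi

    # 3. A privileged port cannot be bound again once root was dropped.
    if [ "$port" -lt 1024 ] && [ "$run_uid" -ne 0 ]; then
        echo "uid $run_uid cannot rebind port $port after SIGHUP"
        problems=$((problems + 1))
    fi

    return "$problems"
}
```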