[syslog-ng] I/O error occurred while reading; fd='4',error='Operation not permitted (1)'

Justin Randall jrandall at comwave.net
Wed Jan 3 00:32:18 CET 2007

You are correct in that fd 4 is /proc/kmsg as this can be verified in
the line:

open("/proc/kmsg", O_RDONLY|O_NONBLOCK|O_NOCTTY) = 4

The returned value for the call to "open" is the file descriptor.
Calling "chroot" in between calls to "open" and "read" is not a problem.
I've written another application which does without problems.

I think however, that the path used when opening the file should be
changed to the full path rather than the chroot'd absolute path.  Since
the call to "open" is done to "/proc/kmsg" before the chroot, this falls
outside of the jail's access.  Try changing the path to
"/var/local/chroot/syslogng/proc/kmsg" and see if this resolves the

I hope this helps,


-----Original Message-----
From: Matt Miller [mailto:syslog-ng at mattmillersf.fastmail.fm] 
Sent: Tuesday, January 02, 2007 5:18 PM
To: Syslog-ng users' and developers' mailing list
Subject: RE: [syslog-ng] I/O error occurred while reading;
fd='4',error='Operation not permitted (1)'

> > running in a jail via the "-C" option, but ... syslog-ng[19522]:
> > I/O error occurred while reading; fd='4', error='Operation not
> >   permitted (1)'
> Looking at that attached output, my best guess at what's opened on
> descriptor 4 is /proc/kmsg.

Could the problem be that /proc/kmsg is opened before the chroot, but
then read after the chroot?
syslog-ng maillist  -  syslog-ng at lists.balabit.hu
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

More information about the syslog-ng mailing list