[syslog-ng] I/O error occurred while reading; fd='4',error='Operation not permitted (1)'

Matt Miller syslog-ng at mattmillersf.fastmail.fm
Wed Jan 3 20:08:37 CET 2007


> "read(4, 0x55ad20, 8192)                 = -1 EPERM (Operation not
> permitted)"
>
> This is indicative of access control restrictions.  If you consider
> the file trying to be read ("/proc/kmsg") and it's permissions (only
> readable as root) it makes sense why you are getting permission errors

Okay, I see that /proc/kmsg was readable only by root.  However, I don't
seem to be able to get around this.  As shown below I can't seem to read
/proc/kmsg as user syslogng no matter what permissions I set:

mmiller at xpc1:~$ ls -l /var/local/chroot/syslogng/proc/kmsg
-rwxrwxrwx 1 syslogng syslogng 0 2007-01-03 18:19 /var/local/chroot/syslogng/proc/kmsg

mmiller at xpc1:~$ sudo -u syslogng cat /var/local/chroot/syslogng/proc/kmsg
cat: /var/local/chroot/syslogng/proc/kmsg: Operation not permitted

I realize that this may not strictly be a syslog-ng issue, but how can
I use syslog-ng's "-u" option for added security and still get at
/proc/kmsg?

> /var/log/syslog
> /var/log/messages
> /dev/xconsole
>
> File attribute changes are failing due to only being modifiable as
> root, but being modified as user "syslogng".

Okay, so apparently the process needs CAP_CHOWN privilege so
that the 'fchown' call can succeed?  I seem to be getting these
errors even if the files are already owned by the user that I specify
with syslog-ng's "-u" option.  Maybe syslog-ng should first check the
owner of the files before trying to change the owner?  I'm just
guessing here.

Also, I don't want to go to a lot of effort solely to get a clean 'strace.'
I do, though, want to avail myself of all of syslog-ng's abilities, and I
want to run as a user other than root.


More information about the syslog-ng mailing list