[syslog-ng] I/O error occurred while reading;
fd='4',error='Operation not permitted (1)'
Balazs Scheidler
bazsi at balabit.hu
Wed Jan 3 20:33:31 CET 2007
On Wed, 2007-01-03 at 20:08 +0100, Matt Miller wrote:
> > "read(4, 0x55ad20, 8192) = -1 EPERM (Operation not
> > permitted)"
> >
> > This is indicative of access control restrictions. If you consider
> > the file trying to be read ("/proc/kmsg") and it's permissions (only
> > readable as root) it makes sense why you are getting permission errors
>
> Okay, I see that /proc/kmsg was readable only by root. However, I don't
> seem to be able to get around this. As shown below I can't seem to read
> /proc/kmsg as user syslogng no matter what permissions I set:
>
> mmiller at xpc1:~$ ls -l /var/local/chroot/syslogng/proc/kmsg
> -rwxrwxrwx 1 syslogng syslogng 0 2007-01-03 18:19 /var/local/chroot/syslogng/proc/kmsg
>
> mmiller at xpc1:~$ sudo -u syslogng cat /var/local/chroot/syslogng/proc/kmsg
> cat: /var/local/chroot/syslogng/proc/kmsg: Operation not permitted
>
> I realize that this may not strictly be a syslog-ng issue, but how can
> I use syslog-ng's "-u" option for added security and still get at
> /proc/kmsg?
I think this might be caused by something like SELinux, which prevents
reading /proc/kmsg from a chroot.
When normal access control rules are in effect, then once a file is
opened it will remain readable for as long as the process keeps it
opened.
--
Bazsi
More information about the syslog-ng
mailing list