[syslog-ng] I/O error occurred while reading; fd='4',error='Operation not permitted (1)'

Balazs Scheidler bazsi at balabit.hu
Wed Jan 3 20:33:31 CET 2007

On Wed, 2007-01-03 at 20:08 +0100, Matt Miller wrote:
> > "read(4, 0x55ad20, 8192)                 = -1 EPERM (Operation not
> > permitted)"
> >
> > This is indicative of access control restrictions.  If you consider
> > the file trying to be read ("/proc/kmsg") and it's permissions (only
> > readable as root) it makes sense why you are getting permission errors
> Okay, I see that /proc/kmsg was readable only by root.  However, I don't
> seem to be able to get around this.  As shown below I can't seem to read
> /proc/kmsg as user syslogng no matter what permissions I set:
> mmiller at xpc1:~$ ls -l /var/local/chroot/syslogng/proc/kmsg
> -rwxrwxrwx 1 syslogng syslogng 0 2007-01-03 18:19 /var/local/chroot/syslogng/proc/kmsg
> mmiller at xpc1:~$ sudo -u syslogng cat /var/local/chroot/syslogng/proc/kmsg
> cat: /var/local/chroot/syslogng/proc/kmsg: Operation not permitted
> I realize that this may not strictly be a syslog-ng issue, but how can
> I use syslog-ng's "-u" option for added security and still get at
> /proc/kmsg?

I think this might be caused by something like SELinux, which prevents
reading /proc/kmsg from a chroot.

When normal access control rules are in effect, then once a file is
opened it will remain readable for as long as the process keeps it


More information about the syslog-ng mailing list