[syslog-ng] Redirect syslog-ng to ttyS0

Vidar Tyldum Hansen vidar at tyldum.com
Thu Nov 29 21:53:41 CET 2007



Valdis.Kletnieks at vt.edu wrote:
> On Thu, 29 Nov 2007 11:14:12 +0100, Balazs Scheidler said:
> 
>> I think this is not a permission problem. syslog-ng opens the device
>> once, and then it is kept opened. Permissions checking is usually
>> applied at open time and not any later.
> 
> Note that on a Linux box that uses SELinux, it *is* possible for a file to
> be opened successfully, but later on a security context change on the file
> causes subsequent read/write activity to fail.
> 
> Before login:
> 
> % ls -lZ /dev/tty1
> crw-------  root root system_u:object_r:tty_device_t:s0 /dev/tty1
> 
> After login:
> 
> % ls -lZ /dev/tty1
> crw-------  valdis tty staff_u:object_r:staff_tty_device_t:s0 /dev/tty1
> 
> (This is with SELinux and the MLS stuff in place).
> 
> My best guess as to what's nuking things - flush_unauthorized_files() in
> security/hooks.c in the kernel.

This is Suse Enterprise Linux 10 (tailored for Ericsson PBX), and there
you do not have SELinux, but AppArmor. That might provide the same
mechanism and be the culprit. Also explains why the behaviour does not
seem obvious to someone who knows the syslog-ng codebase.

Thanks!

I have yet to test, but my proposed solution before your reply was to
create a fifo, have syslog-ng log there and use 'cat' as root to push it
to /dev/ttyS0.

I will now look into AppArmor policies.
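Added example, not part of the original message or of syslog-ng: a small C program showing the open-time permission check described in the quoted reply, where a descriptor opened earlier keeps working after the file's mode bits are removed while a fresh open() is refused. It covers only classic mode-bit checks on a constructed scratch file in /tmp; the per-access revalidation under SELinux that the thread discusses is not reproduced here.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Outcome of the experiment; each field is 0 on success, else an errno. */
struct held_fd_result {
    int write_errno;   /* write() on the descriptor opened before fchmod */
    int reopen_errno;  /* fresh open() attempted after fchmod */
};

/* Open a scratch file, drop all mode bits, then compare the held
 * descriptor with a fresh open(). Returns 0 if the experiment ran. */
int held_fd_demo(struct held_fd_result *r)
{
    char path[] = "/tmp/held_fd_demo_XXXXXX";  /* constructed scratch file */
    int fd = mkstemp(path);                    /* created 0600, opened O_RDWR */
    if (fd < 0)
        return -1;
    if (fchmod(fd, 0) != 0) {                  /* mode is now ---------- */
        close(fd);
        unlink(path);
        return -1;
    }

    /* The held descriptor was authorised at open time and still works. */
    ssize_t n = write(fd, "log line\n", 9);
    r->write_errno = (n == 9) ? 0 : (n < 0 ? errno : EIO);

    /* A new open() is checked against the current mode bits. */
    int fd2 = open(path, O_WRONLY);
    r->reopen_errno = (fd2 >= 0) ? 0 : errno;
    if (fd2 >= 0)
        close(fd2);

    close(fd);
    unlink(path);
    return 0;
}

int main(void)
{
    struct held_fd_result r;
    if (held_fd_demo(&r) != 0) { perror("held_fd_demo"); return 1; }
    printf("write on held fd: %s\n", r.write_errno ? "failed" : "ok");
    printf("fresh open():     %s\n", r.reopen_errno ? "denied" : "ok (privileged user)");
    return 0;
}
```

Run as an unprivileged user to see the fresh open() denied; a user with CAP_DAC_OVERRIDE (typically root) bypasses the mode bits, so both operations succeed.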

