[syslog-ng] I/O error occurred while reading; fd='4',error='Operation not permitted (1)'
Florian Grandel
jerico.dev at gmail.com
Mon Nov 17 22:40:57 CET 2008
I Matt and Bazsi,
as Bazsi said, the problem is less one of syslog-ng but one of
permissions in the kernel. Access to /proc/kmsg is not only governed by
file permissions but also by process capabilities. In this case reading
from /proc/kmsg causes internal system calls that are only accessible to
the superuser.
There have been several kernel patches proposed ([1], [2], to give just
a few examples). Kernel developers have already extensively discussed
the topic [3].
The only practical solution I know of is the one implemented by Ubuntu
in their klogd init script. They are using a daemonized dd process
running as root that forwards messages from /proc/kmsg to the log process:
kmsgpipe=/var/run/klogd/kmsg
...
# create klog-writeable pid and fifo directory
mkdir -p /var/run/klogd
chown klog:klog /var/run/klogd
mkfifo -m 700 $kmsgpipe
chown klog:klog $kmsgpipe
# shovel /proc/kmsg to pipe readable by klogd user
start-stop-daemon --start --pidfile $kmsgpidfile --exec /bin/dd -b -m --
bs=1 if=/proc/kmsg of=$kmsgpipe
# start klogd as non-root with reading from kmsgpipe
start-stop-daemon --start --quiet --chuid klog --exec $binpath -- $KLOGD
I think that this exact solution can be easily ported to syslog-ng.
Florian
[1] http://lkml.indiana.edu/hypermail/linux/kernel/9806.3/0896.html
[2] http://lkml.indiana.edu/hypermail/linux/kernel/9811.1/0073.html
[3] http://readlist.com/lists/vger.kernel.org/linux-kernel/55/276838.html
More information about the syslog-ng
mailing list