[syslog-ng] I/O error occurred while reading; fd='4',error='Operation not permitted (1)'

Florian Grandel jerico.dev at gmail.com
Wed Nov 19 02:01:03 CET 2008


Hi Bazsi,

> As there are two alternatives for running syslog-ng as non-root, I would
> not like to add this hack to syslog-ng:
>   1) run klogd, just as before
>   2) run syslog-ng 3.0, which manages its own capabilities, with
> CAP_SYS_ADMIN present in the cap-set /proc/kmsg can be read.

Both alternatives are not (yet) available in some Linux standard 
distributions (namely Debian and Ubuntu). This is not your problem, 
sure, just to explain the practical relevance of the workaround:

1) Before implementing my dd workaround I had already tried the klogd 
solution which I think would be the cleanest solution. On Debian/Ubuntu, 
however, syslog-ng and klogd are conflicting packages and cannot be 
installed alongside each other. Even worse: klogd depends on sysklogd 
which naturally conflicts with syslog-ng. So currently there is no way 
to get both installed without cleaning up this dependency mess (which 
probably won't be so easy).

2) As you mention yourself: maintaining CAP_SYS_ADMIN privilege is 
contrary to most of the rationale for dropping root privilege in the 
first place. It provides very powerful privileges to syslog_ng just to 
access /proc/kmsg which may not be acceptable to everybody. Apart from 
that V3.0 is not (yet) available for Ubuntu/Debian.

Florian


More information about the syslog-ng mailing list