[syslog-ng] I/O error occurred while reading; fd='4',error='Operation not permitted (1)'
Florian Grandel
jerico.dev at gmail.com
Wed Nov 19 02:01:03 CET 2008
Hi Bazsi,
> As there are two alternatives for running syslog-ng as non-root, I would
> not like to add this hack to syslog-ng:
> 1) run klogd, just as before
> 2) run syslog-ng 3.0, which manages its own capabilities, with
> CAP_SYS_ADMIN present in the cap-set /proc/kmsg can be read.
Both alternatives are not (yet) available in some Linux standard
distributions (namely Debian and Ubuntu). This is not your problem,
sure, just to explain the practical relevance of the workaround:
1) Before implementing my dd workaround I had already tried the klogd
solution which I think would be the cleanest solution. On Debian/Ubuntu,
however, syslog-ng and klogd are conflicting packages and cannot be
installed alongside each other. Even worse: klogd depends on sysklogd
which naturally conflicts with syslog-ng. So currently there is no way
to get both installed without cleaning up this dependency mess (which
probably won't be so easy).
2) As you mention yourself: maintaining CAP_SYS_ADMIN privilege is
contrary to most of the rationale for dropping root privilege in the
first place. It provides very powerful privileges to syslog_ng just to
access /proc/kmsg which may not be acceptable to everybody. Apart from
that V3.0 is not (yet) available for Ubuntu/Debian.
Florian
More information about the syslog-ng
mailing list