[syslog-ng] [Bug 31] sources are opened after dropping capabilities which prevents opening some
bugzilla at bugzilla.balabit.com
bugzilla at bugzilla.balabit.com
Tue Feb 3 15:41:40 CET 2009
https://bugzilla.balabit.com/show_bug.cgi?id=31
Balazs Scheidler <bazsi at balabit.hu> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
--- Comment #1 from Balazs Scheidler <bazsi at balabit.hu> 2009-02-03 15:41:40 ---
(In reply to comment #0)
> mkdir /test/
> mkfifo /test/fifo
> chmod 0 /test
>
> and use pipe('/test/fifo') as source. syslog-ng 3.0.1 will fail with permission denied because it can't access /test/fifo due to dropped capabilities.
>
> This is real example from Linux Vserver based system where /vservers has always 0 permission.
>
> The solution would be probably to not drop some caps until sources are opened.
>
but then the same thing would happen once syslog-ng gets SIGHUP-ed. you can granularly control which capabilities are dropped, and also you can
also disable capability dropping altogether:
syslog-ng --help-all
...
-C, --caps=<capspec> Set default capability set
-N, --no-caps Disable managing Linux capabilities
...
--
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the syslog-ng
mailing list