[syslog-ng] [Bug 108] 2.6.38+ will require CAP_SYSLOG (CAP_SYS_ADMIN not enough)

Matthew Hall mhall at mhcomputing.net
Thu Jan 20 18:26:15 CET 2011


On Thu, Jan 20, 2011 at 06:16:16PM +0100, bugzilla at bugzilla.balabit.com wrote:
> --- Comment #7 from Gergely Nagy <algernon at balabit.hu>  2011-01-20 18:16:16 ---
> Did some more research, and this is looking to be harder and harder 
> without some kind of version sniffing.
> 
> Using a libcap that doesn't know a thing about CAP_SYSLOG, syslog-ng 
> will abort on 'cap_syslog=ep' on startup, regardless of what kernel is 
> running under it (tested with stock Debian Squeeze kernel, 
> 2.6.32+patches, no CAP_SYSLOG; and with 2.6.38-rc1 with CAP_SYSLOG). 
> Using a patched libcap that does know about CAP_SYSLOG will succeed, 
> on both kernels, and even if I try to verify that the process has the 
> flag I just set, it still returns true for both kernels, regardless 
> of whether they do support CAP_SYSLOG or not.
> 
> This looks rather hopeless to me, unfortunately.

You didn't clarify the cause of the abort. Perhaps something could be 
done to prevent the abort from occurring? If not I suppose you are 
hosed.

Regarding the success in the patched library, you could figure out it 
didn't work by getting back an error when you open the syslog device, 
and then try again with the admin capability set, no?

Matthew.
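
The two checks discussed in this thread, as an added example (not code from syslog-ng or from either poster): probe the running kernel for CAP_SYSLOG with `prctl(PR_CAPBSET_READ)` instead of sniffing the version, and fall back to CAP_SYS_ADMIN when opening the kernel log is refused. The function names are hypothetical, and the probe covers only the kernel side; a libcap that cannot parse `cap_syslog` still has to be handled separately.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>

/* Values from <linux/capability.h>, defined here so the example also
 * builds against headers that predate CAP_SYSLOG. */
#ifndef CAP_SYS_ADMIN
#define CAP_SYS_ADMIN 21
#endif
#ifndef CAP_SYSLOG
#define CAP_SYSLOG 34
#endif

/* 1 if the running kernel defines this capability, 0 if it does not,
 * -1 if the probe itself failed. PR_CAPBSET_READ returns EINVAL for a
 * capability number the kernel does not know. */
int kernel_knows_cap(int cap)
{
    errno = 0;
    if (prctl(PR_CAPBSET_READ, (unsigned long)cap, 0UL, 0UL, 0UL) >= 0)
        return 1;
    return errno == EINVAL ? 0 : -1;
}

/* Capability text to request at startup (assumed libcap text format). */
const char *klog_cap_text(void)
{
    return kernel_knows_cap(CAP_SYSLOG) == 1 ? "cap_syslog=ep"
                                             : "cap_sys_admin=ep";
}

/* After open() of the kernel log failed with open_errno while holding
 * held_cap: the capability to retry with, or -1 for no retry. */
int next_cap_to_try(int held_cap, int open_errno)
{
    if (open_errno != EPERM && open_errno != EACCES)
        return -1;                /* not a privilege problem */
    if (held_cap == CAP_SYSLOG)
        return CAP_SYS_ADMIN;     /* older kernel: retry with the admin cap */
    return -1;                    /* fallback already tried */
}

int main(void)
{
    printf("kernel knows CAP_SYSLOG: %d\n", kernel_knows_cap(CAP_SYSLOG));
    printf("request at startup: %s\n", klog_cap_text());
    return 0;
}
```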

