[syslog-ng] [Bug 108] 2.6.38+ will require CAP_SYSLOG (CAP_SYS_ADMIN not enough)

bugzilla at bugzilla.balabit.com bugzilla at bugzilla.balabit.com
Fri Jul 8 12:40:47 CEST 2011


https://bugzilla.balabit.com/show_bug.cgi?id=108





--- Comment #25 from Matthias Runge <mrunge at fedoraproject.org>  2011-07-08 12:40:47 ---
(In reply to comment #24)
> 
> There's something broken on Fedora, I believe. Including <sys/capability.h> results in CAP_SYSLOG being defined, the kernel knows it too, so
> g_process_check_cap_syslog() will return TRUE, and we assume that libcap knows about the capability aswell (since sys/capability.h belongs to libcap-devel).
> 
> But it doesn't. Fedora seems to have libcap 2.17, while CAP_SYSLOG was introduced in 2.20. And there's a discrepancy between the headers (which suggest
> CAP_SYSLOG is supported) and libcap. I can modify the patch to fall back to cap_sys_admin=ep in case libcap does not support cap_syslog, but then we'd get the
> kernel warning again.
> 
Yeah, I've just found fedora bug
https://bugzilla.redhat.com/show_bug.cgi?id=689752
(about libcap version 2.20 released)

> The proper course of action would be to fix Fedora: either by upgrading libcap, or fixing the headers to not define CAP_SYSLOG (but then we're back to kernel
> warnings...).
> 
> In any case, in an up-to-date environment, where both the kernel and libcap support cap_syslog, my backport works. But if libcap doesn't support it, there's
> nothing syslog-ng can do.
> 
I understand. Thank you.


-- 
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.


More information about the syslog-ng mailing list