[syslog-ng] [Bug 108] 2.6.38+ will require CAP_SYSLOG (CAP_SYS_ADMIN not enough)
bugzilla at bugzilla.balabit.com
bugzilla at bugzilla.balabit.com
Fri Jul 15 10:11:04 CEST 2011
https://bugzilla.balabit.com/show_bug.cgi?id=108
--- Comment #28 from Gergely Nagy <algernon at balabit.hu> 2011-07-15 10:11:04 ---
(In reply to comment #27)
> (In reply to comment #26)
> > The backport integrated to 3.2/master.
> >
> > Thanks Gergely.
> >
>
> Applying above patch to my fedora build results in
>
> [root at mrungexp ~]# syslog-ng
> syslog-ng: Error parsing capabilities: cap_net_bind_service,cap_net_broadcast,cap_net_raw,cap_dac_read_search,cap_dac_override,cap_chown,cap_fowner=p
> cap_syslog=ep
>
> rpm -q libcap
> libcap-2.17-2.fc15.x86_64
>
> I know, this version is outdated....
>
> syslog-ng without this patch starts fine...
>
That's expected. The patch assumes that libcap's version and <sys/capability.h> are in sync, which on Fedora, they're not. The workaround is to disable
capabilities until libcap is upgraded to a newer version.
Alternatively, I can prepare a patch that falls back to CAP_SYS_ADMIN in this case, but that'll result in a kernel warning, and we're back to square one.
There's already a bug filed at redhat's bugzilla to include a newer libcap: https://bugzilla.redhat.com/show_bug.cgi?id=689752
--
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the syslog-ng
mailing list