[syslog-ng] syslog-ng 3.3.0beta2 chroot

Dave Haywood tla at oak.selfip.net
Fri Sep 16 12:02:41 CEST 2011


Hi,

   I have compiled syslog-ng 3.3.0beta2 under RHEL AS 4.8 (don't 
ask) and am having a possible chroot() issue.

   syslog-ng is running chroot as a non-root user.  All the build 
libraries etc (there were a lot to get this to run under RHEL 4.8) 
are under /usr/local.

   I already run syslog-ng 2.0.9 under RHEL AS 4.9.

   I am seeing differences between the 2.0.9 and 3.3.0b2 releases.  
The differences with 3.3.0b2 are:
     1) daemon seems to switch user *before* binding the network 
interfaces.  This means I can't bind to TCP/UDP ports < 1024.
     2) daemon chroot()s before loading the syslog-ng.conf file.  
This means I have to mount the config dir under the chroot() dir.

   So, my questions are:
     1) Is the behaviour I describe in 3.3.30b2 intentional or could 
this be a problem with my environment?
     2) Why has the behaviour changed in this way?
     3) If the daemon were to:
             read the config file
             bind the network interfaces
        as root *before* dropping privilege and doing the chroot() 
couldn't a lot of the chroot() hassle (below) be avoided?

   I have 3.3.0b2 running chroot() but only by:
     mount -o bind /lib /chrootdir/lib
     mount -o bind /usr/local /chrootdir/usr/local
     mount -o bind /dev /chrootdir/dev
     changing the syslog-ng.conf TCP/UDP listen ports to be > 1024

   Regards,

Dave.
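
The start-up order proposed in question 3 (read the config and bind as root, then chroot() and drop privilege), sketched as an added C example; it is not part of the original post and is not syslog-ng's own code. `start_confined` and its step codes are hypothetical names, and a UDP listener is assumed.

```c
#define _DEFAULT_SOURCE 1
#include <arpa/inet.h>
#include <fcntl.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdint.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Step that failed, so the caller can log it and exit; OK = confined. */
enum { OK = 0, E_CONFIG, E_BIND, E_CHROOT, E_DROP, E_VERIFY };

/* Hypothetical helper: do everything that needs root or the real
 * filesystem first, then chroot(), then drop privilege irreversibly.
 * On success *cfg_fd and *sock_fd remain usable inside the jail. */
int start_confined(const char *conf, uint16_t port, const char *jail,
                   uid_t uid, gid_t gid, int *cfg_fd, int *sock_fd)
{
    struct sockaddr_in a = { .sin_family = AF_INET,
                             .sin_port = htons(port),
                             .sin_addr.s_addr = htonl(INADDR_ANY) };

    /* 1. Open the config outside the jail; the fd survives chroot(),
     *    so the config dir need not be mounted under the chroot dir. */
    if ((*cfg_fd = open(conf, O_RDONLY)) < 0)
        return E_CONFIG;

    /* 2. Ports < 1024 need root, so bind before the user switch. */
    if ((*sock_fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0 ||
        bind(*sock_fd, (struct sockaddr *)&a, sizeof a) < 0)
        return E_BIND;

    /* 3. chroot() needs root; chdir("/") so the working directory
     *    is not left pointing outside the jail. */
    if (chroot(jail) < 0 || chdir("/") < 0)
        return E_CHROOT;

    /* 4. Supplementary groups, then gid, then uid: once setuid()
     *    has run, the first two calls are no longer permitted. */
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return E_DROP;

    /* 5. Confirm the drop cannot be undone. */
    if (uid != 0 && setuid(0) == 0)
        return E_VERIFY;
    return OK;
}
```

Shared libraries and anything under /dev that the daemon opens lazily after step 3 are still resolved inside the jail, so this order removes the config-dir mount and the port restriction but not necessarily every bind mount listed above.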


