[syslog-ng] syslog-ng 3.3.0beta2 chroot
Dave Haywood
tla at oak.selfip.net
Fri Sep 16 12:02:41 CEST 2011
Hi,
I have compiled syslog-ng 3.3.0beta2 under RHEL AS 4.8 (don't
ask) and am having a possible chroot() issue.
syslog-ng is running chroot as a non-root user. All the build
libraries etc (there were a lot to get this to run under RHEL 4.8)
are under /usr/local.
I already run syslog-ng 2.0.9 under RHEL AS 4.9.
I am seeing differences between the 2.0.9 and 3.3.0b2 releases.
The differences with 3.3.0b2 are:
1) daemon seems to switch user *before* binding the network
interfaces. This means I can't bind to TCP/UDP ports < 1024.
2) daemon chroot()s before loading the syslog-ng.conf file.
This means I have to mount the config dir under the chroot() dir.
So, my questions are:
1) Is the behaviour I describe in 3.3.30b2 intentional or could
this be a problem with my environment?
2) Why has the behaviour changed in this way?
3) If the daemon were to:
     read the config file
     bind the network interfaces
   as root *before* dropping privilege and doing the chroot(),
   couldn't a lot of the chroot() hassle (below) be avoided?
I have 3.3.0b2 running chroot() but only by:
     mount -o bind /lib /chrootdir/lib
     mount -o bind /usr/local /chrootdir/usr/local
     mount -o bind /dev /chrootdir/dev
     changing the syslog-ng.conf TCP/UDP listen ports to be > 1024
Regards,
Dave.
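
The ordering proposed in question 3 above (bind as root, then chroot(), then drop privilege), as an added C illustration that is not part of the original post and is not syslog-ng's own code. `/chrootdir` is the path used in the post; the function names and uid/gid 65534 are assumptions.

```c
/* Added illustration, not syslog-ng source; names are hypothetical. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1          /* exposes chroot() and setgroups() */
#endif
#include <grp.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Step 1: bind while still root, so ports < 1024 are allowed.
 * The descriptor stays usable after the uid changes. */
int bind_udp(unsigned short port)
{
    /* sin_addr is left zeroed, which is INADDR_ANY */
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Step 2: enter the jail, then give up root. Order matters: chroot()
 * needs root, supplementary groups and gid go before the uid, and the
 * last check confirms root cannot be regained. Returns 0 or -1. */
int jail_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)      /* refuse to "drop" to root */
        return -1;
    if (chroot(jail) != 0 || chdir("/") != 0)
        return -1;
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return setuid(0) == 0 ? -1 : 0;   /* regaining root must fail */
}

int main(void)
{
    /* The config file would be read here, before the jail (not shown). */
    int fd = bind_udp(514);        /* standard syslog UDP port */
    if (fd < 0 || jail_and_drop("/chrootdir", 65534, 65534) != 0)
        return 1;
    /* ... receive loop on fd, unprivileged and inside the jail ... */
    close(fd);
    return 0;
}
```

Without root privileges the program exits with status 1, because the chroot() call is refused.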