[syslog-ng] [PATCH] gprocess: Implement stricter CAP_SYSLOG checking.
Balazs Scheidler
bazsi at balabit.hu
Tue Sep 27 20:46:18 CEST 2011
On Sun, 2011-09-25 at 13:43 +0200, Gergely Nagy wrote:
> Some distributions ship libcap with headers generated from the kernel
> sources, instead of the headers of libcap itself, resulting in the
> headers and the library diagreeing about what capabilities are
> supported.
>
> For this reason, before deciding whether CAP_SYSLOG is supported,
> verify that libcap can actually parse it, and fall back to
> CAP_SYS_ADMIN if it can't.
>
> The benefit of this is that even if ran on such a system, syslog-ng
> will still continue to work (albeit triggering a kernel warning)
> instead of terminating.
>
> Signed-off-by: Gergely Nagy <algernon at balabit.hu>
> ---
> lib/gprocess.c | 8 ++++++++
> 1 files changed, 8 insertions(+), 0 deletions(-)
applied, thanks Gergely.
--
Bazsi
More information about the syslog-ng
mailing list