You are not logged in.

#1 2011-02-12 11:02:31

legolas558
Member
Registered: 2009-09-08
Posts: 97

syslog-ng failing to start!

syslog-ng is failing to start with my vanilla 2.6.38-rc4 kernel!

This is the output after running syslog-ng -d as root:

Trying to open module; module='syslogformat', filename='/usr/lib/syslog-ng/libsyslogformat.so'
Trying to open module; module='basicfuncs', filename='/usr/lib/syslog-ng/libbasicfuncs.so'
Trying to open module; module='afsocket', filename='/usr/lib/syslog-ng/libafsocket.so'
Trying to open module; module='affile', filename='/usr/lib/syslog-ng/libaffile.so'
Trying to open module; module='afprog', filename='/usr/lib/syslog-ng/libafprog.so'
Trying to open module; module='afuser', filename='/usr/lib/syslog-ng/libafuser.so'
Trying to open module; module='dbparser', filename='/usr/lib/syslog-ng/libdbparser.so'
Trying to open module; module='csvparser', filename='/usr/lib/syslog-ng/libcsvparser.so'
Error opening file for reading; filename='/proc/kmsg', error='Operation not permitted (1)'
Error initializing source driver; source='src', id='src#2'
Error initializing message pipeline;

What kernel config parameter shall I tweak to get back this daemon working? Or maybe the issue is somewhere else?

Thanks


.-.   ,---,---.--.
| |__  \ \ \ \`//.
`----'`--'`--'`--'

Offline

#2 2011-02-12 11:11:02

Allan
is always right
From: Brisbane, AU
Registered: 2007-06-09
Posts: 10,467
Website

Offline

#3 2011-02-12 17:04:18

ejmarkow
Member
From: Siemiechów, Poland
Registered: 2008-09-02
Posts: 84
Website

Re: syslog-ng failing to start!

@legolas558 / @Allan,

The fix for this issue was included in patch-2.6.38-rc4-git4 recently on 2011-02-11. More details below:   

http://git.kernel.org/?p=linux/kernel/g … 947b3130c0

------------------------------------------
cap_syslog: accept CAP_SYS_ADMIN for now

In commit ce6ada35bdf7 ("security: Define CAP_SYSLOG") Serge Hallyn
introduced CAP_SYSLOG, but broke backwards compatibility by no longer
accepting CAP_SYS_ADMIN as an override (it would cause a warning and
then reject the operation).

Re-instate CAP_SYS_ADMIN - but keeping the warning - as an acceptable
capability until any legacy applications have been updated.  There are
apparently applications out there that drop all capabilities except for
CAP_SYS_ADMIN in order to access the syslog.

(This is a re-implementation of a patch by Serge, cleaning the logic up
and making the code more readable)

kernel/printk.c
------------------------------------------


Simply apply the patch-2.6.38-rc4-git4 to kernel 2.6.38-rc4, compile, and install. Works perfectly for me.

Cheers,

Eugene

Last edited by ejmarkow (2011-02-12 17:05:05)

Offline

Board footer

Powered by FluxBB