You are not logged in.

Pages: 1

#1 2011-01-22 15:23:45

eldragon
Member
From: Buenos Aires
Registered: 2008-11-18
Posts: 1,029

[SOLVED] kernel 2.6.38-rc and syslog

according to https://lkml.org/lkml/2010/11/25/285

now there is an error during boot which looks like this:

[    9.890305] WARNING: at kernel/printk.c:430 do_syslog+0x427/0x452()
[    9.890318] Hardware name: 2764CTO
[    9.890320] Attempt to access syslog with CAP_SYS_ADMIN but no CAP_SYSLOG (deprecated and denied).

from my understanding, CAP_SYS_ADMIN is deprecated, and now CAP_SYSLOG is required instead.

now for the arch part: where do i fix this in userspace? ive been searching the init scripts for this but i cannot find it.

ideally i would like to check the kernel version and set up accordingly.

thanks in advance.

EDIT: and ive unset CONFIG_SECURITY_DMESG_RESTRICT in the kernel config which im not entirely sure if it has something to do.

Last edited by eldragon (2011-01-23 14:55:51)

Offline

#2 2011-01-22 17:38:29

dvdhrm
Member
From: Germany
Registered: 2011-01-22
Posts: 23

Re: [SOLVED] kernel 2.6.38-rc and syslog

CONFIG_SECURITY_DMESG_RESTRICT is new in 2.6.37 and prevents syslog access to processes which do not have the appropriate rights so you did the only useful thing here by disabling it.
Since this is an RC version you probably need to wait for the release to get this fixed.

Offline

#3 2011-01-22 20:28:33

eldragon
Member
From: Buenos Aires
Registered: 2008-11-18
Posts: 1,029

Re: [SOLVED] kernel 2.6.38-rc and syslog

dvdhrm wrote:

Since this is an RC version you probably need to wait for the release to get this fixed.

well, this is the obvious thing to do. but in the mean time im trying to fix it myself if i can.

userspace needs to be updated to reflect this change, i was wondering if anyone could point me to the right direction.

ive been looking into the code of minilogd but the problem is obviously not there.

now im looking into sysvinit now to see if i can find something there

EDIT: it appears syslog-ng needs to be updated. i found a patch somewhere that seems to do the trick. ill test it when i get home .

Last edited by eldragon (2011-01-22 21:00:28)

Offline

#4 2011-01-22 21:05:13

falconindy
Developer
From: New York, USA
Registered: 2009-10-22
Posts: 4,111
Website

Re: [SOLVED] kernel 2.6.38-rc and syslog

Upstream bug report:

https://bugzilla.balabit.com/show_bug.cgi?id=108

Also, https://bugs.archlinux.org/task/22555

Last edited by falconindy (2011-01-22 21:28:06)

blog | ±github

Offline

#5 2011-01-22 21:26:17

dvdhrm
Member
From: Germany
Registered: 2011-01-22
Posts: 23

Re: [SOLVED] kernel 2.6.38-rc and syslog

This is only about the kernel ring-buffer control, there shouldn't be any userspace programs using that except the syslogger so I don't understand why bother so much. The option is disabled by default (CONFIG_SECURITY_DMESG_RESTRICT=N) so if you enable it on purpose you should know what you do wink Anyway, upstream bug...

Offline

#6 2011-01-22 21:59:37

eldragon
Member
From: Buenos Aires
Registered: 2008-11-18
Posts: 1,029

Re: [SOLVED] kernel 2.6.38-rc and syslog

dvdhrm wrote:

This is only about the kernel ring-buffer control, there shouldn't be any userspace programs using that except the syslogger so I don't understand why bother so much. The option is disabled by default (CONFIG_SECURITY_DMESG_RESTRICT=N) so if you enable it on purpose you should know what you do wink Anyway, upstream bug...

i guess you havent read the entire thread so i'll quote the relevant bits for you

EDIT: and ive unset CONFIG_SECURITY_DMESG_RESTRICT in the kernel config which im not entirely sure if it has something to do.

anyway, since there is an upstream bugreport, i guess there was something wrong.

Offline

#7 2011-01-23 01:12:21

combuster
Member
From: Serbia
Registered: 2008-09-30
Posts: 711
Website

Re: [SOLVED] kernel 2.6.38-rc and syslog

There wasn't anything wrong, this was intentionally introduced. Only thing is how all this will be resolved, in userspace or by reverting troublesome commit in kernel. CONFIG_SECURITY_DMESG_RESTRICT configuration does not affect the outcome of this warning.

Offline

#8 2011-01-23 02:11:32

eldragon
Member
From: Buenos Aires
Registered: 2008-11-18
Posts: 1,029

Re: [SOLVED] kernel 2.6.38-rc and syslog

combuster wrote:

There wasn't anything wrong, this was intentionally introduced. Only thing is how all this will be resolved, in userspace or by reverting troublesome commit in kernel. CONFIG_SECURITY_DMESG_RESTRICT configuration does not affect the outcome of this warning.

exactly..

anyway, the breakage was apparently intentional and userspace is already moving forward.

Offline

#9 2011-01-23 02:42:49

andrewthomas
Member
Registered: 2010-05-08
Posts: 52

Re: [SOLVED] kernel 2.6.38-rc and syslog

I was having this problem and I first tried to update the PKGBUILD to 3.2.2 and that did not solve the problem.

Then, I noticed that I did not have this problem with gentoo and saw that it was using 3.1.3, so I changed the PKGBUILD to build 3.1.3 and it works just fine with 2.6.38-rc1.

If this helped you, please take the time to rate the value of this post:
http://rate.affero.net/andrewthomas/

Offline

#10 2011-01-23 12:33:47

eldragon
Member
From: Buenos Aires
Registered: 2008-11-18
Posts: 1,029

Re: [SOLVED] kernel 2.6.38-rc and syslog

libcap 2.20 is already in testing.

building 3.2.1 with the patch in the arch bug report fixes the problem.

why it does work with 3.1.3 is a mystery to me wink

Offline

#11 2011-01-25 22:38:23

andrewthomas
Member
Registered: 2010-05-08
Posts: 52

Re: [SOLVED] kernel 2.6.38-rc and syslog

I patched the syslog-ng PKGBUILD with one of the patches from the arch bug report.  It checks for the kernel version and acts accordingly. 

Xavier (shining) wrote:

Attached a trivial port of the patch to 3.2.2 - the concerned code did not change, just the file paths did, so I had to apply the patch manually.
   cap_syslog.patch

https://aur.archlinux.org/packages.php?ID=45781

I tested it on kernel26, kernel26-lts and 2.6.38-rc2.

If this helped you, please take the time to rate the value of this post:
http://rate.affero.net/andrewthomas/

Offline

#12 2011-02-12 00:34:56

ejmarkow
Member
From: Siemiechów, Poland
Registered: 2008-09-02
Posts: 84
Website

Re: [SOLVED] kernel 2.6.38-rc and syslog

The patch for this issue was included in patch-2.6.38-rc4-git4 today on 2011-02-11. More details below:    

http://git.kernel.org/?p=linux/kernel/g … 947b3130c0

------------------------------------------
cap_syslog: accept CAP_SYS_ADMIN for now

In commit ce6ada35bdf7 ("security: Define CAP_SYSLOG") Serge Hallyn
introduced CAP_SYSLOG, but broke backwards compatibility by no longer
accepting CAP_SYS_ADMIN as an override (it would cause a warning and
then reject the operation).

Re-instate CAP_SYS_ADMIN - but keeping the warning - as an acceptable
capability until any legacy applications have been updated.  There are
apparently applications out there that drop all capabilities except for
CAP_SYS_ADMIN in order to access the syslog.

(This is a re-implementation of a patch by Serge, cleaning the logic up
and making the code more readable)

kernel/printk.c
------------------------------------------

Offline

Pages: 1

Board footer

Powered by FluxBB