Package: syslog-ng
Version: 1.6.5-2.2
Severity: important
If /dev is read-only, syslog-ng will give the error message
"syslog-ngio.c: bind_unix_socket(): bind failed /dev/log (Address already
in use)". The relevant section from `ltrace -LSf`:
-----8<-----------------------------------------------------------8<-----
664 SYS_pipe(0x584649b8, 0x8069858, 0, 0x805814f, 0) = 0
664 SYS_fork() = 12105
664 SYS_close(4 <unfinished ...>
12105 SYS_close(3 <unfinished ...>
664 <... SYS_close resumed> ) = 0
12105 <... SYS_close resumed> ) = 0
664 SYS_read(3, <unfinished ...>
12105 SYS_open("/var/run/syslog-ng.pid", 833, 0600) = 3
12105 SYS_getpid() = 12105
12105 SYS_write(3, "12105\n", 6) = 6
12105 SYS_close(3) = 0
12105 SYS_socketcall(1, 0x58464920, 0, 0x806ee50, 0x806ee50) = 3
12105 SYS_fcntl64(3, 3, 0x806ee50, 0x806ee50, 0x2662f880) = 2
12105 SYS_fcntl64(3, 4, 2050, 2050, 0x2662f880) = 0
12105 SYS_fcntl64(3, 2, 1, 1, 0x2662f880) = 0
12105 SYS_stat64(0x58464892, 0x5846475c, 0x2662f880, 0x58464890, 0x5846475c) = 0
12105 SYS_unlink(0x58464892, 0x58464830, 0x806ee50, 0x58464890, 0x58464892) =
-30
12105 SYS_socketcall(2, 0x58464810, 0x2662fc40, 0x58464890, 0x58464892) = -98
12105 SYS_write(2, "io.c: bind_unix_socket(): bind f"..., 72) = 72
12105 SYS_close(3) = 0
12105 SYS_write(2, "Error initializing configuration"..., 43) = 43
12105 SYS_write(4, "\001", 1) = 1
12105 SYS_close(4) = 0
664 <... SYS_read resumed> "\001", 1) = 1
12105 SYS_exit_group(2) = <void>
12105 SYS_exit(2 <unfinished ...>
664 SYS_exit_group(1) = <void>
664 SYS_exit(1 <unfinished ...>
12105 +++ exited (status 2) +++
664 +++ exited (status 1) +++
-----8<-----------------------------------------------------------8<-----
The important lines are the "SYS_unlink(...) = -30" and
"SYS_socketcall(2, ...) = -98". The first is failing because syslog-ng is
attempting to unlink /dev/log, which fails due to /dev being read-only.
I'm unsure of the SYS_socketcall(), but again traces to a read-only FS.
This should not happen. On recent installations, most often /dev is a
tmpfs and failing that read-write, but it is perfectly legitimate for it
to be read-only.
For people who run into this, this is a very serious bug. I cannot quite
justify a grave severity as too few people have their systems this
tightly locked down.
--
(\___(\___(\______ --=> 8-) EHM <=-- ______/)___/)___/)
\BS ( | [EMAIL PROTECTED] PGP 8881EF59 | ) /
\_CS\ | _____ -O #include <stddisclaimer.h> O- _____ | / _/
\___\_|_/82 04 A1 3C C7 B1 37 2A*E3 6E 84 DA 97 4C 40 E6\_|_/___/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
