Package: syslog-ng Version: 1.6.5-2.2 Severity: important If /dev is read-only, syslog-ng will give the error message "syslog-ngio.c: bind_unix_socket(): bind failed /dev/log (Address already in use)". The relevant section from `ltrace -LSf`:
-----8<-----------------------------------------------------------8<----- 664 SYS_pipe(0x584649b8, 0x8069858, 0, 0x805814f, 0) = 0 664 SYS_fork() = 12105 664 SYS_close(4 <unfinished ...> 12105 SYS_close(3 <unfinished ...> 664 <... SYS_close resumed> ) = 0 12105 <... SYS_close resumed> ) = 0 664 SYS_read(3, <unfinished ...> 12105 SYS_open("/var/run/syslog-ng.pid", 833, 0600) = 3 12105 SYS_getpid() = 12105 12105 SYS_write(3, "12105\n", 6) = 6 12105 SYS_close(3) = 0 12105 SYS_socketcall(1, 0x58464920, 0, 0x806ee50, 0x806ee50) = 3 12105 SYS_fcntl64(3, 3, 0x806ee50, 0x806ee50, 0x2662f880) = 2 12105 SYS_fcntl64(3, 4, 2050, 2050, 0x2662f880) = 0 12105 SYS_fcntl64(3, 2, 1, 1, 0x2662f880) = 0 12105 SYS_stat64(0x58464892, 0x5846475c, 0x2662f880, 0x58464890, 0x5846475c) = 0 12105 SYS_unlink(0x58464892, 0x58464830, 0x806ee50, 0x58464890, 0x58464892) = -30 12105 SYS_socketcall(2, 0x58464810, 0x2662fc40, 0x58464890, 0x58464892) = -98 12105 SYS_write(2, "io.c: bind_unix_socket(): bind f"..., 72) = 72 12105 SYS_close(3) = 0 12105 SYS_write(2, "Error initializing configuration"..., 43) = 43 12105 SYS_write(4, "\001", 1) = 1 12105 SYS_close(4) = 0 664 <... SYS_read resumed> "\001", 1) = 1 12105 SYS_exit_group(2) = <void> 12105 SYS_exit(2 <unfinished ...> 664 SYS_exit_group(1) = <void> 664 SYS_exit(1 <unfinished ...> 12105 +++ exited (status 2) +++ 664 +++ exited (status 1) +++ -----8<-----------------------------------------------------------8<----- The important lines are the "SYS_unlink(...) = -30" and "SYS_socketcall(2, ...) = -98". The first is failing because syslog-ng is attempting to unlink /dev/log, which fails due to /dev being read-only. I'm unsure of the SYS_socketcall(), but again traces to a read-only FS. This should not happen. On recent installations, most often /dev is a tmpfs and failing that read-write, but it is perfectly legitimate for it to be read-only. For people who run into this, this is a very serious bug. I cannot quite justify a grave severity as too few people have their systems this tightly locked down. -- (\___(\___(\______ --=> 8-) EHM <=-- ______/)___/)___/) \BS ( | [EMAIL PROTECTED] PGP 8881EF59 | ) / \_CS\ | _____ -O #include <stddisclaimer.h> O- _____ | / _/ \___\_|_/82 04 A1 3C C7 B1 37 2A*E3 6E 84 DA 97 4C 40 E6\_|_/___/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]