Stuart VanZee wrote:
Hello OpenBSD Misc,

I have been doing some work with chrooting user accounts for
a project, and now I am looking to get syslogd working. I
found out that I need a log socket in the chroot environ
for this to work and the -a option does this fine and works
great!  BUT... now that I have one working, I need to be
able to chroot a whole bunch of these and looking in the
syslogd man page I see:

-a path
        Specify a location where syslogd should place an additional log
        socket.  Up to about 20 additional logging sockets can be speci-
        fied.  The primary use for this is to place additional log sock-
        ets in /dev/log of various chroot filespaces.

The part that worries me is the "Up to about 20" part.  Is
this a hard limit?  Is there a way to extend this?  I am
looking at setting up around 100 user accounts like this but
most of them will only be used a few times a month so I'm
not really worried about resources too awful much.

Currently I am using OpenBSD 4.3

s


Don't by any means take me as knowledgeable, I'm just a lurker, but I've seen a few places where it has been suggested that NFS can be used in a chroot environment to make things tidier and to provide a way for things in a chroot to get to non-chroot things. E.g., if you were to export an NFS share which contained the necessary socket (and perhaps anything else you fancied not having multiple copies of) and then mount it over localhost within the chroot, might that solve your problem? That way, syslog only has to pay attention to one extra socket, but many chroots can write to it.

This might use more resources than other solutions, but at least it doesn't require a recompile like Alexander Hall's MAXFUNIX tweak.

I'm assuming that sockets work over NFS of course. Anyone care to correct me?

Dave W
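
Added example, not part of the original thread: a small shell helper that builds the `-a` arguments for a list of chroot roots and refuses to emit them when the list is over the socket limit or a socket path is too long. The function name, the `MAX_EXTRA` and `MAX_PATH` variables and the sample paths are hypothetical; the default of 20 is taken from the man page's "up to about 20", and 103 assumes the 104-byte `sun_path` of BSD's `sockaddr_un`.

```shell
#!/bin/sh
# Added example: generate syslogd "-a" flags for many chroots, with sanity checks.
# Both limits are assumptions and can be overridden from the environment.
MAX_EXTRA="${MAX_EXTRA:-20}"   # man page: "up to about 20" additional sockets
MAX_PATH="${MAX_PATH:-103}"    # assumed: sun_path holds 104 bytes including NUL

# build_syslogd_flags ROOT...
# Prints "-a ROOT/dev/log" for every chroot root on one line.
# Returns 1 and prints nothing on stdout if any check fails.
# Paths containing whitespace are not supported by this sketch.
build_syslogd_flags() {
    if [ "$#" -gt "$MAX_EXTRA" ]; then
        echo "error: $# chroots requested, limit is $MAX_EXTRA" >&2
        return 1
    fi
    flags=""
    for root in "$@"; do
        case "$root" in
            /*) ;;   # absolute path, fine
            *)  echo "error: not an absolute path: $root" >&2
                return 1 ;;
        esac
        sock="${root%/}/dev/log"          # drop one trailing slash, if any
        if [ "${#sock}" -gt "$MAX_PATH" ]; then
            echo "error: socket path too long: $sock" >&2
            return 1
        fi
        flags="${flags:+$flags }-a $sock"
    done
    printf '%s\n' "$flags"
}

# Constructed sample input: two chroot roots that do not come from the thread.
build_syslogd_flags /var/chroot/alice /var/chroot/bob
```

The output can be pasted into the syslogd flags used at boot; a non-zero return means the list has to be trimmed or the limit raised before syslogd would accept it.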
