hmm, if you try to do 'touch /var/rcynic/dev/log' what happens
/dev/log should not be a symlink, it's a unix domain socket that gets
created by rsyslog the first time it starts.
I suggested changing permissions and adding root to the rcynic group. You
need to log out and log in after you make the change to the group for it to
take effect.
David Lang
On Tue, 27 Mar 2012, Manh Do wrote:
Hello Dave,
When I removed the sym link /var/rcynic/dev/log then I got back the error
'Permission denied':
Mar 27 11:13:40 mycentos kernel: Kernel logging (proc) stopped.
Mar 27 11:13:40 mycentos rsyslogd: [origin software="rsyslogd" swVersion="4.6.2"
x-pid="14167" x-info="http://www.rsyslog.com"] exiting on signal 15.
Mar 27 11:13:40 mycentos rsyslogd: connot create '/var/rcynic/dev/log':
Permission denied
Mar 27 11:13:40 mycentos kernel: imklog 4.6.2, log source = /proc/kmsg started.
Mar 27 11:13:40 mycentos rsyslogd: [origin software="rsyslogd" swVersion="4.6.2"
x-pid="14230" x-info="http://www.rsyslog.com"] (re)start
Note that I've created the inode '/var/rcynic/dev/log' as a sym link
exactly as the inode /dev/log.
Thanks,
Manh
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of [email protected]
Sent: Tuesday, March 27, 2012 10:49 AM
To: rsyslog-users
Subject: Re: [rsyslog] Running rsyslog with chroot jail
On Tue, 27 Mar 2012, Manh Do wrote:
Hello Dave,
I've followed your suggestions by adding root to the rcynic group and
changing the /var/rcynic permissions to 720 but then now I'm getting the
error 'Address already in use':
Mar 27 09:49:13 mycentos rsyslogd: connot create '/var/rcynic/dev/log': Address
already in use
This should mean that there is already some sort of file at
'/var/rcynic/dev/log' delete it and try again.
David Lang
Mar 27 09:49:13 mycentos rsyslogd: [origin software="rsyslogd" swVersion="4.6.2"
x-pid="11097" x-info="http://www.rsyslog.com"] exiting on signal 15.
Mar 27 09:49:13 mycentos kernel: imklog 4.6.2, log source = /proc/kmsg started.
Mar 27 09:49:13 mycentos rsyslogd: [origin software="rsyslogd" swVersion="4.6.2"
x-pid="11665" x-info="http://www.rsyslog.com"] (re)start
Mar 27 10:08:06 mycentos dhclient[1096]: DHCPREQUEST on eth0 to 10.255.255.254
port 67 (xid=0xf73ae13)
Mar 27 10:08:06 mycentos dhclient[1096]: DHCPACK from 10.255.255.254
(xid=0xf73ae13)
Mar 27 10:08:06 mycentos dhclient[1096]: bound to 10.255.255.45 -- renewal in
6353 seconds.
I did have the following two lines in the file /etc/rsyslog.conf:
$ModLoad imuxsock.so
$AddUnixListenSocket /var/rcynic/dev/log
Thanks for your help,
Manh
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of [email protected]
Sent: Monday, March 26, 2012 11:02 PM
To: rsyslog-users
Subject: Re: [rsyslog] Running rsyslog with chroot jail
sorry, I managed to miss that.
since dev is owned by root, why can't rsyslog create the socket in it?
try putting root in the rcynic group and changing the /var/rcynic
permissions from 700 to 720 (to allow root to cd to /var/rcynic)
David Lang
On Mon, 26 Mar 2012, Manh Do wrote:
Date: Mon, 26 Mar 2012 13:28:19 -0700
From: Manh Do <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: rsyslog-users <[email protected]>
Subject: Re: [rsyslog] Running rsyslog with chroot jail
Hello Dave,
I do have the directory /var/rcynic/dev and here are its permissions:
[root@mycentos rcynic]# pwd
/var/rcynic
[root@mycentos rcynic]# ls -al
total 44
drwx------. 8 rcynic rcynic 4096 Mar 26 09:35 .
drwxr-xr-x. 22 root root 4096 Mar 26 09:34 ..
-rw-r--r--. 1 rcynic rcynic 18 Dec 2 06:27 .bash_logout
-rw-r--r--. 1 rcynic rcynic 176 Dec 2 06:27 .bash_profile
-rw-r--r--. 1 rcynic rcynic 124 Dec 2 06:27 .bashrc
dr-xr-xr-x. 2 root root 4096 Mar 26 09:35 bin
drwxr-xr-x. 5 rcynic rcynic 4096 Mar 26 13:06 data
drwxr-xr-x. 2 root root 4096 Mar 26 09:35 dev
dr-xr-xr-x. 3 root root 4096 Mar 26 09:35 etc
dr-xr-xr-x. 2 root root 4096 Mar 26 09:35 lib64
drwxr-xr-x. 3 root root 4096 Mar 26 09:35 usr
[root@mycentos rcynic]#
Thanks,
Manh
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of [email protected]
Sent: Monday, March 26, 2012 1:17 PM
To: rsyslog-users
Subject: Re: [rsyslog] Running rsyslog with chroot jail
In your case the problem is that you don't have the directory
/var/rcynic/dev
rsyslog will create the file, but not the directory.
David Lang
On Mon, 26 Mar 2012, Manh Do wrote:
Hello David,
Thanks for the quick reply. Here are the permissions that I've set for the file
/var/rcynic
[root@mycentos var]# pwd
/var
[root@mycentos var]# ls -al
total 88
drwxr-xr-x. 22 root root 4096 Mar 26 09:34 .
dr-xr-xr-x. 25 root root 4096 Mar 23 14:19 ..
drwxr-xr-x. 2 root root 4096 Mar 16 13:40 account
drwxr-xr-x. 12 root root 4096 Mar 16 15:20 cache
drwxr-xr-x. 2 root root 4096 Dec 7 17:17 crash
drwxr-xr-x. 2 root root 4096 Feb 22 03:52 cvs
drwxr-xr-x. 3 root root 4096 Mar 16 13:40 db
drwxr-xr-x. 3 root root 4096 Mar 16 13:40 empty
drwxr-xr-x. 2 root root 4096 Sep 23 2011 games
drwxr-xr-x. 32 root root 4096 Mar 19 10:48 lib
drwxr-xr-x. 2 root root 4096 Sep 23 2011 local
drwxrwxr-x. 5 root lock 4096 Mar 26 03:43 lock
drwxr-xr-x. 11 root root 4096 Mar 25 03:37 log
lrwxrwxrwx. 1 root root 10 Mar 16 13:00 mail -> spool/mail
drwxr-xr-x. 2 root root 4096 Sep 23 2011 nis
drwxr-xr-x. 2 root root 4096 Sep 23 2011 opt
drwxr-xr-x. 2 root root 4096 Sep 23 2011 preserve
drwx------. 8 rcynic rcynic 4096 Mar 26 09:35 rcynic
drwxr-xr-x. 22 root root 4096 Mar 26 12:50 run
drwxr-xr-x. 12 root root 4096 Mar 16 13:38 spool
drwxrwxrwt. 2 root root 4096 Mar 22 16:33 tmp
drwxr-xr-x. 6 root root 4096 Mar 16 15:20 www
drwxr-xr-x. 3 root root 4096 Mar 16 13:37 yp
[root@mycentos var]#
Thanks for your help,
Manh
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of [email protected]
Sent: Monday, March 26, 2012 11:54 AM
To: rsyslog-users
Subject: Re: [rsyslog] Running rsyslog with chroot jail
what are the permissions on the file /var/rcynic?
If rsyslog doesn't have permissions to create the socket there, it's not
going to be able to work, but I don't see how giving root the permission
to create that socket defeats the purpose of the chroot.
David Lang
On Mon, 26 Mar 2012, Manh Do wrote:
Date: Mon, 26 Mar 2012 09:55:48 -0700
From: Manh Do <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: "[email protected]" <[email protected]>
Subject: [rsyslog] Running rsyslog with chroot jail
Hello All,
I've tried to run the rsyslog with a chroot jail 'rcynic' so I've added the
following statement to the /etc/rsyslog.conf file:
$AddUnixListenSocket /var/rcynic/dev/log
However, the log file has the following error message:
Mar 22 14:52:53 mycentos abrtd: Init complete, entering main loop
Mar 22 14:52:53 mycentos qpidd[1695]: 2012-03-22 14:52:53 notice Listening on
TCP port 5672
Mar 22 14:52:53 mycentos qpidd[1695]: 2012-03-22 14:52:53 notice SSL plugin not
enabled, you must set --ssl-cert-db to enable it.
Mar 22 14:52:53 mycentos qpidd[1695]: 2012-03-22 14:52:53 notice Broker running
Mar 22 15:03:55 mycentos kernel: Kernel logging (proc) stopped.
Mar 22 15:03:55 mycentos rsyslogd: [origin software="rsyslogd" swVersion="4.6.2"
x-pid="1166" x-info="http://www.rsyslog.com"] exiting on signal 15.
Mar 22 15:03:55 mycentos rsyslogd: connot create '/var/rcynic/dev/log':
Permission denied
Mar 22 15:03:55 mycentos kernel: imklog 4.6.2, log source = /proc/kmsg started.
Mar 22 15:03:55 mycentos rsyslogd: [origin software="rsyslogd" swVersion="4.6.2"
x-pid="2291" x-info="http://www.rsyslog.com"] (re)start
Note the typo error 'connot'. If I change the file permissions then it defeats
the purpose of the chroot mechanism. Do you have any suggestions on how to
correctly setup the rsyslog for a chroot jail?
Thanks,
Manh
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
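Added example, not part of the original thread: a Python sketch that reproduces the bind() outcomes discussed above for a listen-socket path inside a jail (missing dev directory, a symlink at the path, a file left by touch, and a clean path). The temporary directory stands in for /var/rcynic, and the names classify, try_bind and demo are hypothetical helpers.

```python
import errno
import os
import socket
import stat
import tempfile

def classify(path):
    """Describe what currently sits at a planned listen-socket path."""
    if not os.path.isdir(os.path.dirname(path)):
        return "missing-dir"            # the listener creates the socket, not the directory
    try:
        mode = os.lstat(path).st_mode   # lstat: inspect a symlink itself, not its target
    except FileNotFoundError:
        return "free"
    if stat.S_ISLNK(mode):
        return "symlink"
    if stat.S_ISSOCK(mode):
        return "socket"
    return "other-file"

def try_bind(path):
    """Bind a datagram socket as a syslog listener would; return 'ok' or the errno name."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        s.bind(path)
        return "ok"
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()

def demo():
    """Constructed jail layout in a temp dir standing in for /var/rcynic."""
    results = {}
    with tempfile.TemporaryDirectory() as jail:
        log = os.path.join(jail, "dev", "log")
        results["no dev dir"] = (classify(log), try_bind(log))
        os.mkdir(os.path.join(jail, "dev"))
        os.symlink("/dev/log", log)     # bind() does not follow this; the name is taken
        results["symlink"] = (classify(log), try_bind(log))
        os.unlink(log)
        open(log, "w").close()          # what 'touch' leaves behind
        results["touched file"] = (classify(log), try_bind(log))
        os.unlink(log)
        results["clean"] = (classify(log), try_bind(log), classify(log))
    return results

if __name__ == "__main__":
    print(demo())
```

EADDRINUSE from bind() on a Unix socket path means something already exists under that name, whatever its type, so the path has to be removed before the listener starts.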