I am trying to devise a chroot setup for SuSE Linux 10 and am running
into some problems.
As part of this I need to find out how to make sure the app can log to
syslog when chrooted.
For syslog-ng, I tried adding
source XXX { unix-dgram("/chroot/dev/log"); };
to /etc/syslog-ng/syslog-ng.conf, but on startup I get an error (strace
shown here to show the underlying problem):
> [pid 4508] stat("/chroot/dev/log", 0x7ffffe2baf10) = -1 ENOENT (No such file or directory)
> [pid 4508] unlink("/chroot/dev/log") = -1 ENOENT (No such file or directory)
> [pid 4508] bind(3, {sa_family=AF_FILE, path="/chroot/dev/log"}, 22) = -1 EPERM (Operation not permitted)
> [pid 4508] write(2, "io.c: bind_unix_socket(): bind f"..., 84io.c: bind_unix_socket(): bind failed /chroot/dev/log (Operation not permitted)
> ) = 84
The same happens when I use unix-stream.
The perms on /chroot/dev are:
> # ls -la
> total 0
> drwxrwxrwx 2 root root 120 2009-05-08 19:51 .
> drwxr-xr-x 6 root root 144 2009-05-07 20:50 ..
> crw-r--r-- 1 root root 1, 3 2009-05-08 19:10 null
> crw-r--r-- 1 root root 1, 8 2009-05-08 19:10 random
> crw-r--r-- 1 root root 1, 5 2009-05-08 19:10 zero
A few questions:
1. Why is it trying to bind an AF_FILE when I selected unix-dgram (and
the same for unix-stream)?
2. What is that permissions EPERM error? I have full perms on that
directory, I am root... What am I missing?
3. The comment in the default 'source src' statement indicates that it
rewrites the standard 'unix-dgram("/dev/log")' source with info from
/etc/sysconfig/syslog. Should I rather set the additional sockets to
listen to there instead of in /etc/syslog-ng/syslog-ng.conf? But I find
no info on what that would look like.
4. It seems that syslog-ng/syslogd is left as a choice in SuSE 10. For
plain syslog I would expect to just add the additional sockets using
> SYSLOGD_PARAMS="-a ..."
or is there another (more standard) way to specify those in SuSE?
Or do I need to set up the devices (and the socket?) using devfs?
I found a recommendation to use
> # mount --bind /dev/null /chroot/dev/null
but:
> spt-suse-10-64-a:/chroot/cns # mount --bind /dev/null /chroot//dev/null
> mount: mount point /chroot/cns/null does not exist
So I am still missing something.
Is there anywhere a clear set of instructions on how to set up a chroot
jail in SuSE that includes syslog/syslog-ng and all that?
Any help is appreciated.