Thanks Patrick,

Patrick Haller wrote:
> On Tue, May 12, 2009 at 04:08:17PM +0800, Mathias Koerber wrote:
>>> [pid 4508] stat("/chroot/dev/log", 0x7ffffe2baf10) = -1 ENOENT (No such 
>>> file or directory)
> 
> This is expected as it doesn't exist yet
> 
>>> [pid 4508] unlink("/chroot/dev/log") = -1 ENOENT (No such file or directory)
> 
> Syslog-ng apparently being happily paranoid
> 
>>> [pid 4508] bind(3, {sa_family=AF_FILE, path="/chroot/dev/log"}, 22) = -1 
>>> EPERM (Operation not permitted)
> 
> We need to disambiguate here... Either syslog-ng doesn't have perms to
> do this (dropped root early?), or something wacky is occurring. 

I checked and I don't see it dropping root anywhere in the strace log
(strace -FF /sbin/syslog-ng).

> In your syslog-ng.conf you want to use unix-stream("/chroot/dev/log");

> If it still fails on that, run the following python program to see
> whether root can establish sockets there:

Same issue..

> Running it without an argument starts the server. Start another shell
> and run it with an argument, you should see that appear in the first
> shell. 

That actually all works, so root can create sockets there and the failure
seems specific to syslog-ng itself. I am still baffled..


Here is the full /etc/syslog-ng/syslog-ng.conf:

Note that I edited that file directly rather than using SuSEconfig as
the comment says. The .in file it mentions says SuSEconfig
adds sources from /etc/sysconfig/syslog, but it doesn't describe
where to specify them and refers back to the syslog-ng.conf file,
blech! So for now I am reduced to directly fiddling with this file.
If anyone knows how to do this 'correctly' on SuSE please tell!

> #
> # /etc/syslog-ng/syslog-ng.conf
> #
> # Automatically generated by SuSEconfig on Thu Oct 18 13:27:13 PDT 2007.
> #
> # PLEASE DO NOT EDIT THIS FILE!
> #
> # you can modify /etc/syslog-ng/syslog-ng.conf.in instead
> #
> #
> #
> # File format description can be found in syslog-ng.conf(5)
> # and /usr/share/doc/packages/syslog-ng/syslog-ng.txt.
> #
> 
> #
> # Global options.
> #
> options { long_hostnames(off); sync(0); perm(0640); stats(3600); };
> 
> #
> # 'src' is our main source definition. you can add
> # more sources driver definitions to it, or define
> # your own sources, i.e.:
> #
> #source my_src { .... };
> #
> source src {
>         #
>         # include internal syslog-ng messages
>         # note: the internal() source is required!
>         #
>         internal();
> 
>         #
>         # the following line will be replaced by the
>         # socket list generated by SuSEconfig using
>         # variables from /etc/sysconfig/syslog:
>         #
>         unix-dgram("/dev/log");
> 
>         #
>         # uncomment to process log messages from network:
>         #
>         #udp(ip("0.0.0.0") port(514));
> 
> };
> 
> source CNS {
>         unix-stream("/chroot/dev/log");
>         };
> 
> #
> # Filter definitions
> #
> filter f_iptables   { facility(kern) and match("IN=") and match("OUT="); };
> 
> filter f_console    { level(warn) and facility(kern) and not 
> filter(f_iptables)
>                       or level(err) and not facility(authpriv); };
> 
> filter f_newsnotice { level(notice) and facility(news); };
> filter f_newscrit   { level(crit)   and facility(news); };
> filter f_newserr    { level(err)    and facility(news); };
> filter f_news       { facility(news); };
> 
> filter f_mailinfo   { level(info)      and facility(mail); };
> filter f_mailwarn   { level(warn)      and facility(mail); };
> filter f_mailerr    { level(err, crit) and facility(mail); };
> filter f_mail       { facility(mail); };
> 
> filter f_cron       { facility(cron); };
> 
> filter f_local      { facility(local0, local1, local2, local3,
>                                local4, local5, local6, local7); };
> 
> filter f_acpid      { match('^\[acpid\]:'); };
> filter f_netmgm     { match('^NetworkManager:'); };
> 
> filter f_messages   { not facility(news, mail) and not filter(f_iptables); };
> filter f_warn       { level(warn, err, crit) and not filter(f_iptables); };
> filter f_alert      { level(alert); };
> 
> 
> #
> # Most warning and errors on tty10 and on the xconsole pipe:
> #
> destination console  { file("/dev/tty10"    group(tty) perm(0620)); };
> log { source(src); filter(f_console); destination(console); };
> 
> destination xconsole { pipe("/dev/xconsole" group(tty) perm(0400)); };
> log { source(src); filter(f_console); destination(xconsole); };
> 
> # Enable this, if you want that root is informed immediately,
> # e.g. of logins:
> #
> #destination root { usertty("root"); };
> #log { source(src); filter(f_alert); destination(root); };
> 
> 
> #
> # News-messages in separate files:
> #
> destination newscrit   { file("/var/log/news/news.crit"
>                               owner(news) group(news)); };
> log { source(src); filter(f_newscrit); destination(newscrit); };
> 
> destination newserr    { file("/var/log/news/news.err"
>                               owner(news) group(news)); };
> log { source(src); filter(f_newserr); destination(newserr); };
> 
> destination newsnotice { file("/var/log/news/news.notice"
>                               owner(news) group(news)); };
> log { source(src); filter(f_newsnotice); destination(newsnotice); };
> 
> #
> # and optionally also all in one file:
> # (don't forget to provide logrotation config)
> #
> #destination news { file("/var/log/news.all"); };
> #log { source(src); filter(f_news); destination(news); };
> 
> 
> #
> # Mail-messages in separate files:
> #
> destination mailinfo { file("/var/log/mail.info"); };
> log { source(src); filter(f_mailinfo); destination(mailinfo); };
> 
> destination mailwarn { file("/var/log/mail.warn"); };
> log { source(src); filter(f_mailwarn); destination(mailwarn); };
> 
> destination mailerr  { file("/var/log/mail.err" fsync(yes)); };
> log { source(src); filter(f_mailerr);  destination(mailerr); };
> 
> #
> # and also all in one file:
> #
> destination mail { file("/var/log/mail"); };
> log { source(src); filter(f_mail); destination(mail); };
> 
>  
> #
> # acpid messages in one file:
> #
> destination acpid { file("/var/log/acpid"); };
> log { source(src); filter(f_acpid); destination(acpid); flags(final); };
> 
> #
> # NetworkManager messages in one file:
> #
> destination netmgm { file("/var/log/NetworkManager"); };
> log { source(src); filter(f_netmgm); destination(netmgm); flags(final); };
> 
> 
> #
> # Cron-messages in one file:
> # (don't forget to provide logrotation config)
> #
> #destination cron { file("/var/log/cron"); };
> #log { source(src); filter(f_cron); destination(cron); };
> 
> 
> #
> # Some boot scripts use/require local[1-7]:
> #
> destination localmessages { file("/var/log/localmessages"); };
> log { source(src); filter(f_local); destination(localmessages); };
> 
> 
> #
> # All messages except iptables and the facilities news and mail:
> #
> destination messages { file("/var/log/messages"); };
> log { source(src); filter(f_messages); destination(messages); };
> 
> 
> #
> # Firewall (iptables) messages in one file:
> #
> destination firewall { file("/var/log/firewall"); };
> log { source(src); filter(f_iptables); destination(firewall); };
> 
> 
> #
> # Warnings (except iptables) in one file:
> #
> destination warn { file("/var/log/warn" fsync(yes)); };
> log { source(src); filter(f_warn); destination(warn); };
> 
> #
> # Enable this, if you want to keep all messages in one file:
> # (don't forget to provide logrotation config)
> #
> #destination allmessages { file("/var/log/allmessages"); };
> #log { source(src); destination(allmessages); };
> 



and here is the complete strace:
> execve("/sbin/syslog-ng", ["/sbin/syslog-ng"], [/* 63 vars */]) = 0
> brk(0)                                  = 0x55555567d000
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x2b6378359000
> uname({sys="Linux", node="spt-suse-10-64-a", ...}) = 0
> access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or 
> directory)
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=100774, ...}) = 0
> mmap(NULL, 100774, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2b637835a000
> close(3)                                = 0
> open("/lib64/libnsl.so.1", O_RDONLY)    = 3
> read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000H\0\0"..., 832) = 
> 832
> fstat(3, {st_mode=S_IFREG|0755, st_size=100091, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x2b6378373000
> mmap(NULL, 1136936, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 
> 0x2b637845a000
> madvise(0x2b637845a000, 1136936, MADV_SEQUENTIAL|0x1) = 0
> mprotect(0x2b637846d000, 1044480, PROT_NONE) = 0
> mmap(0x2b637856c000, 8192, PROT_READ|PROT_WRITE, 
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12000) = 0x2b637856c000
> mmap(0x2b637856e000, 6440, PROT_READ|PROT_WRITE, 
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2b637856e000
> close(3)                                = 0
> open("/lib64/libresolv.so.2", O_RDONLY) = 3
> read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`9\0\0\0"..., 832) = 
> 832
> fstat(3, {st_mode=S_IFREG|0755, st_size=85885, ...}) = 0
> mmap(NULL, 1129320, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 
> 0x2b6378570000
> madvise(0x2b6378570000, 1129320, MADV_SEQUENTIAL|0x1) = 0
> mprotect(0x2b6378581000, 1044480, PROT_NONE) = 0
> mmap(0x2b6378680000, 8192, PROT_READ|PROT_WRITE, 
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10000) = 0x2b6378680000
> mmap(0x2b6378682000, 7016, PROT_READ|PROT_WRITE, 
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2b6378682000
> close(3)                                = 0
> open("/lib64/libc.so.6", O_RDONLY)      = 3
> read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\322\1\0"..., 832) = 
> 832
> fstat(3, {st_mode=S_IFREG|0755, st_size=1505121, ...}) = 0
> mmap(NULL, 2293992, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 
> 0x2b6378684000
> madvise(0x2b6378684000, 2293992, MADV_SEQUENTIAL|0x1) = 0
> mprotect(0x2b63787ab000, 1048576, PROT_NONE) = 0
> mmap(0x2b63788ab000, 20480, PROT_READ|PROT_WRITE, 
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x127000) = 0x2b63788ab000
> mmap(0x2b63788b0000, 16616, PROT_READ|PROT_WRITE, 
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2b63788b0000
> close(3)                                = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x2b63788b5000
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x2b63788b6000
> arch_prctl(ARCH_SET_FS, 0x2b63788b5d50) = 0
> mprotect(0x2b63788ab000, 12288, PROT_READ) = 0
> munmap(0x2b637835a000, 100774)          = 0
> brk(0)                                  = 0x55555567d000
> brk(0x55555569e000)                     = 0x55555569e000
> open("/etc/localtime", O_RDONLY)        = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=1017, ...}) = 0
> fstat(3, {st_mode=S_IFREG|0644, st_size=1017, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x2b637835a000
> read(3, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0"..., 4096) = 
> 1017
> close(3)                                = 0
> munmap(0x2b637835a000, 4096)            = 0
> open("/etc/syslog-ng/syslog-ng.conf", O_RDONLY) = 3
> ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff327684a0) = -1 ENOTTY 
> (Inappropriate ioctl for device)
> fstat(3, {st_mode=S_IFREG|0644, st_size=5453, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x2b637835a000
> read(3, "#\n# /etc/syslog-ng/syslog-ng.con"..., 8192) = 5453
> read(3, "", 4096)                       = 0
> socket(PF_FILE, SOCK_STREAM, 0)         = 4
> fcntl(4, F_GETFL)                       = 0x2 (flags O_RDWR)
> fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
> connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = 0
> poll([{fd=4, events=POLLOUT|POLLERR|POLLHUP, revents=POLLOUT}], 1, 5000) = 1
> sendto(4, "\2\0\0\0\f\0\0\0\6\0\0\0group\0\0\0", 20, MSG_NOSIGNAL, NULL, 0) = 
> 20
> poll([{fd=4, events=POLLIN|POLLERR|POLLHUP, revents=POLLIN|POLLERR|POLLHUP}], 
> 1, 5000) = 1
> recvmsg(4, {msg_name(0)=NULL, msg_iov(1)=[{"group\0", 6}], msg_controllen=24, 
> {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, {5}}, 
> msg_flags=0}, 0) = 6
> fstat(5, {st_mode=S_IFREG|0600, st_size=217016, ...}) = 0
> pread(5, "\1\0\0\0h\0\0\0\234\0\0\0\1\0\0\0\361\327\4J\0\0\0\0\323"..., 104, 
> 0) = 104
> mmap(NULL, 217016, PROT_READ, MAP_SHARED, 5, 0) = 0x2b6378374000
> close(5)                                = 0
> close(4)                                = 0
> socket(PF_FILE, SOCK_STREAM, 0)         = 4
> fcntl(4, F_GETFL)                       = 0x2 (flags O_RDWR)
> fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
> connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = 0
> poll([{fd=4, events=POLLOUT|POLLERR|POLLHUP, revents=POLLOUT}], 1, 5000) = 1
> sendto(4, "\2\0\0\0\v\0\0\0\7\0\0\0passwd\0U", 20, MSG_NOSIGNAL, NULL, 0) = 20
> poll([{fd=4, events=POLLIN|POLLERR|POLLHUP, revents=POLLIN|POLLERR|POLLHUP}], 
> 1, 5000) = 1
> recvmsg(4, {msg_name(0)=NULL, msg_iov(1)=[{"passwd\0", 7}], 
> msg_controllen=24, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, 
> {5}}, msg_flags=0}, 0) = 7
> fstat(5, {st_mode=S_IFREG|0600, st_size=217016, ...}) = 0
> pread(5, "\1\0\0\0h\0\0\0\204\1\0\0\1\0\0\0\361\327\4J\0\0\0\0\323"..., 104, 
> 0) = 104
> mmap(NULL, 217016, PROT_READ, MAP_SHARED, 5, 0) = 0x2b63783a9000
> close(5)                                = 0
> close(4)                                = 0
> read(3, "", 8192)                       = 0
> ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff32767bf0) = -1 ENOTTY 
> (Inappropriate ioctl for device)
> close(3)                                = 0
> munmap(0x2b637835a000, 4096)            = 0
> pipe([3, 4])                            = 0
> clone(Process 16915 attached (waiting for parent)
> Process 16915 resumed (parent 16914 ready)
> child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, 
> child_tidptr=0x2b63788b5de0) = 16915
> [pid 16914] close(4)                    = 0
> [pid 16914] read(3,  <unfinished ...>
> [pid 16915] close(3)                    = 0
> [pid 16915] open("/var/run/syslog-ng.pid", O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY, 
> 0600) = 3
> [pid 16915] write(3, "16915\n", 6)      = 6
> [pid 16915] close(3)                    = 0
> [pid 16915] socket(PF_FILE, SOCK_STREAM, 0) = 3
> [pid 16915] fcntl(3, F_GETFL)           = 0x2 (flags O_RDWR)
> [pid 16915] fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
> [pid 16915] fcntl(3, F_SETFD, FD_CLOEXEC) = 0
> [pid 16915] stat("/chroot/dev/log", 0x7fff327683c0) = -1 ENOENT (No such file 
> or directory)
> [pid 16915] unlink("/chroot/dev/log")   = -1 ENOENT (No such file or 
> directory)
> [pid 16915] bind(3, {sa_family=AF_FILE, path="/chroot/dev/log"}, 18) = -1 
> EPERM (Operation not permitted)
> [pid 16915] write(2, "io.c: bind_unix_socket(): bind f"..., 80io.c: 
> bind_unix_socket(): bind failed /chroot/dev/log (Operation not permitted)
> ) = 80
> [pid 16915] close(3)                    = 0
> [pid 16915] write(2, "Error initializing configuration"..., 43Error 
> initializing configuration, exiting.
> ) = 43
> [pid 16915] write(4, "\1", 1 <unfinished ...>
> [pid 16914] <... read resumed> "\1", 1) = 1
> [pid 16914] exit_group(1)               = ?
> [pid 16915] <... write resumed> )       = 1
> [pid 16915] close(4)                    = 0
> Process 16914 detached
> exit_group(2)                           = ?
> Process 16915 detached





