2017-11-30 6:52 GMT+01:00 Mantas Mikulėnas <graw...@gmail.com>: > On Thu, Nov 30, 2017 at 5:27 AM, Michael Biebl <mbi...@gmail.com> wrote: >> >> Hi, >> >> today I tried to lock down the rsyslog.service that I have on my system. >> >> For that I first created an override.conf that contained >> >> [Service] >> ProtectHome=yes >> PrivateTmp=yes >> PrivateDevices=yes >> >> ProtectSystem=strict >> ReadWritePaths=/var/log >> ReadWritePaths=/var/spool/rsyslog >> ReadWritePaths=/proc/kmsg > > > Are you using imklog or imkmsg? The latter would require the new /dev/kmsg > interface (which probably conflicts with PrivateDevices= above).
I suspect it's related to ProtectSystem=strict, as with ProtectSystem=full rsyslog seems to start successfully. But this is just trial and error. >> >> Unfortunately, rsyslog.service failed to start: >> ● rsyslog.service - System Logging Service >> Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; >> vendor preset: enabled) >> Drop-In: /etc/systemd/system/rsyslog.service.d >> └─override.conf >> Active: failed (Result: exit-code) since Thu 2017-11-30 04:25:03 CET; >> 2s ago >> Docs: man:rsyslogd(8) >> http://www.rsyslog.com/doc/ >> Process: 2734 ExecStart=/usr/sbin/rsyslogd -n (code=exited, >> status=1/FAILURE) >> Main PID: 2734 (code=exited, status=1/FAILURE) > > > Well, it does say that the failure comes from rsyslogd itself, not from the > namespace setup... > >> >> The journal doesn't contain anything useful. > > > I'm guessing rsyslog will log its own errors to /var/log/syslog rather than > stderr. I don't have anyting in /var/log/syslog >> >> Any hints how I can further debug this why rsyslog fails to start? > > > rsyslogd -d -d -d Already tried that, doesn't produce any useful logs. > strace Already tried ExecStart= ExecStart=/usr/bin/strace -f -o /var/log/strace /usr/sbin/rsyslogd -n but this didn't produce any /var/log/strace log file. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel