From: Amon Ott <ao@rsbac.org>
Subject: Re: syslog-ng
Date: Wed, 28 Mar 2001 10:31:27 +0200
Next Article (by Subject): Re: syslog-ng Amon Ott
Previous Article (by Subject): Re: syslog-ng problem description(again) SZALAY Attila
Top of Thread: syslog-ng Bencsath Boldizsar
Next in Thread: syslog-ng Bencsath Boldizsar
Articles sorted by: [Date]
[Author]
[Subject]
On Son, 25 Mär 2001 Bencsath Boldizsar wrote: > I've tried rsbac1.1.1 on a machine with syslog-ng that failed to start. > Normal syslog works well. > syslogd does: > [pid 15225] socket(PF_UNIX, SOCK_STREAM, 0) = 0 > [pid 15225] bind(0, {sin_family=AF_UNIX, path="/dev/log"}, 10) = 0 > and it's ok, while syslog-ng does: > [pid 15229] socket(PF_UNIX, SOCK_STREAM, 0) = 4 > [pid 15229] bind(4, {sin_family=AF_UNIX, > path=" /dev/log"}, > 110) = -1 EPERM (Operation not permitted) > (who know why the path is so long?) > > rsbac_remove_target(): Removing file/dir/fifo ACI > rsbac_set_attr(): ipc item added. > rsbac_set_attr(): process item added. > rsbac_set_attr(): process item added. > rsbac_set_attr(): process item added. > rsbac_set_attr(): process item added. > rsbac_set_attr(): ipc item added. > rsbac_set_attr(): ipc item added. > rsbac_remove_target(): Removing file/dir/fifo ACI > rsbac_adf_request_rc(): rsbac_get_attr() returned error -1017! > rsbac_adf_request(): request READ_WRITE_OPEN, caller_pid 15178, > caller_prog_name syslog-ng, caller_uid 0, target-type IPC, tid ???-ID > 134521203, attr sockaddr, value 3371081424, result NOT_GRANTED by RC > rsbac_remove_target(): Removing ipc ACI > rsbac_remove_target(): Removing ipc ACI > rsbac_set_attr(): process item added. > > any little help what is happening? > is the error > rsbac_adf_request_rc(): rsbac_get_attr() returned error -1017! > a "user error" or shows an rsbac problem? The IPC id is clearly wrong, as you can see by the ???-ID part. Still, the sys_bind interception looks fine. I will test syslog-ng soon, maybe I can reproduce the error. > (i think if the second, then it could be really great to users to get > points when should one report something on the list, and when is it an > RTFM like problem ;-) ) Whenever you get a message like rsbac_get_attr returned error xy and you are not in soft mode, you can regard this as an error to be reported here. Any error message that looks like an internal one should be reported. > (another thing is that it could be very great to have a database or forum > set up for notices agains different programs/systems/packages with > rsbac. So one could easily find info about setting up > man,portmap,apache,proftpd,cron,ssh,... some are simple, but there can be > some problems too..) I could setup a second mailing list rsbac-howto, where this could be discussed separately. On the other hand, you could simply ask here. The examples page is meant to be filled with all different sorts of examples for more complex ideas. It is probably time to start a howto page that contains help for single daemons. Amon. - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Subject): Re: syslog-ng Amon Ott
Previous Article (by Subject): Re: syslog-ng problem description(again) SZALAY Attila
Top of Thread: syslog-ng Bencsath Boldizsar
Next in Thread: syslog-ng Bencsath Boldizsar
Articles sorted by: [Date]
[Author]
[Subject]