[Users] syslog-ng unable to read /proc/kmsg on 2.6.32-042stab076.5
Frank Myhr
fmyhr at fhmtech.com
Thu Apr 18 12:11:50 EDT 2013
Hi,
I have an AMD64 node that runs Ubuntu 12.04 LTS and syslog-ng. After updating the kernel from 2.6.32-042stab072.10 to 2.6.32-042stab076.5
syslog-ng is unable to read /proc/kmsg:
# /etc/init.d/syslog-ng start
* Starting system logging syslog-ng
Error opening file for reading; filename='/proc/kmsg', error='Operation not permitted (1)'
Error initializing source driver; source='kernel', id='kernel#0'
Error initializing message pipeline;
File permission remains 0400, which works with other kernels:
# ls -l /proc/kmsg
-r-------- 1 root root 0 Apr 18 11:28 /proc/kmsg
I temporarily commented out the syslog-ng configuration that attempts to read /proc/kmsg:
#source "kernel" { file("/proc/kmsg" program_override("kernel")); };
syslog-ng then starts up fine. Looking at its capabilities:
# cat /proc/14768/status
...
CapInh: 0000000000000000
CapPrm: fffffffbffffffff
CapEff: fffffffbffffffff
CapBnd: fffffffbffffffff
...
I notice that bit 34 is zero. This is also true of the init (upstart) process:
# cat /proc/1/status
...
CapInh: 0000000000000000
CapPrm: fffffffbffffffff
CapEff: fffffffbfffffeff
CapBnd: fffffffbffffffff
...
Looking in patch-042stab076 from the kernel source, I see:
+#define CAP_FS_FREEZE 34
But since mainline kernel 2.6.38 or so we have CAP_SYSLOG which is also bit 34. I don't fully understand which of the kernel, init, libcap,
and syslog-ng request and grant/deny access to /proc/kmsg. But I suspect that a collision between CAP_FS_FREEZE and CAP_SYSLOG is preventing
syslog-ng from reading /proc/kmsg on 2.6.32-042stab076.5. I see that CAP_FS_FREEZE is new since 2.6.32-042stab072.10, on which syslog-ng
works fine:
$ grep -i "cap_fs_freeze" patch-042stab072
$
Would appreciate any help or insight:
* Do you think this is a kernel bug or something else?
* Any work-around to get syslog-ng to log kernel messages?
Thanks,
Frank
More information about the Users
mailing list