For increased security I want to run my system log daemon as an unprivileged user. I also want to run it from a chroot jail. I'm actually mounting /proc/kmsg inside my chroot environment, and I'm setting all the permissions on that so that the logging user can access it, but the logger is not able to read from it. The example I started this post with is simplified, but I think it clearly shows what I believe is the underlying problem.
In particular, I want to run syslog-ng from a chroot as an unprivileged user. This is all working, except that I can't get at kernel messages. When I posted this problem to the syslog-ng forum I was told that I may have to tweak my SELinux settings, but I think that SELinux is not active on my system. I'm using Debian, and SELinux should be inactive by default.
As far as using dmesg, I don't know how to tell syslog-ng to read from this instead of trying to read from /proc/kmsg like it wants to.
|