FS#22555 : Upcoming syslog breakage with kernel 2.6.38

FS#22555 - Upcoming syslog breakage with kernel 2.6.38

Attached to Project: Arch Linux
Opened by Xavier (shining) - Saturday, 22 January 2011, 19:20 GMT
Last edited by Tobias Powalowski (tpowa) - Thursday, 31 March 2011, 07:11 GMT

Task Type	Bug Report
Category	Packages: Core
Status	Closed
Assigned To	Tobias Powalowski (tpowa) Eric Belanger (Snowman) Thomas Bächler (brain0)
Architecture	All
Severity	Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	1 Jonathan Liu (net147) (2011-03-25)
Private	No

Details

The following patch introduces a new CAP_SYSLOG capability required for syslog :
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ce6ada35bdf710d16582cc4869c26722547e6f11

So if this change remains in 2.6.38, libcap needs to be updated to 2.20 to be aware of the new cap :
http://sites.google.com/site/fullycapable/release-notes-for-libcap

And syslog-ng (and any other loggers?) needs to be patched to enable CAP_SYSLOG.
See https://bugzilla.balabit.com/show_bug.cgi?id=108

I have a working patch for syslog-ng based on the two I found in the above bug report.

This task depends upon

Closed by Tobias Powalowski (tpowa)
Thursday, 31 March 2011, 07:11 GMT
Reason for closing: Fixed

Comment by Tomas M. (eldragon) - Saturday, 22 January 2011, 22:03 GMT

hi, could you post your patch here?

im actually testing 2.6.38-rc2 and this patch could come in handy ;)

Comment by Xavier (shining) - Saturday, 22 January 2011, 22:10 GMT

There you go.

I asked one syslog-ng dev to provide an updated patch, but he would like to find a solution which works both with old and new libcap.
My patch requires the new libcap.

syslog-pcap.diff (1.8 KiB)

Comment by Xavier (shining) - Saturday, 22 January 2011, 22:40 GMT

I forgot we have kernel26-lts, so we definitely want to keep support for older kernels.
I don't know if always trying to enable both caps (syslog and sys_admin) could work. Otherwise, we probably need kernel version checking from pld patch.

Comment by Allan McRae (Allan) - Sunday, 23 January 2011, 06:35 GMT

Task reassigned to Thomas Bächler (brain0), Tobias Powalowski (tpowa)

Updated libcap is in [testing]. I leave the syslog-ng fix to someone else.

Comment by Xavier (shining) - Sunday, 23 January 2011, 13:05 GMT

Well maybe our best bet is to just apply pld patch, which checks the kernel version and acts accordingly.
http://cvs.pld-linux.org/cgi-bin/cvsweb/packages/syslog-ng/cap_syslog.patch?rev=1.2

Attached a trivial port of the patch to 3.2.2 - the concerned code did not change, just the file paths did, so I had to apply the patch manually.

Tested on 2.6.36 ARCH and 2.6.38-rc2.
Arch lts kernel does not boot on that system, but anyway for versions < 2.6.34, the patch does not change anything.

cap_syslog.patch (3.1 KiB)

Comment by andrew swartz (andrewthomas) - Tuesday, 25 January 2011, 22:26 GMT

I used the above cap_syslog.patch to make a PKGBUILD in AUR

https://aur.archlinux.org/packages.php?ID=45781

I tested it on kernel26, kernel26-lts and 2.6.38-rc2.

Comment by Thomas Bächler (brain0) - Tuesday, 25 January 2011, 22:48 GMT

Great. Sounds like a good solution. We can expect an upstream fix to be available with the next release anyway.

Comment by Xavier (shining) - Saturday, 05 February 2011, 22:37 GMT

Maybe we won't need any patch after all, .38 kernel will hopefully keep working with old userspace (current syslog-ng release).
https://bugzilla.balabit.com/show_bug.cgi?id=108#c13
Apparently it's still under discussion and nothing has been merged yet.
http://groups.google.com/group/linux.kernel/browse_thread/thread/08abdca098b06ce3/2d295a9fdef3a404?#2d295a9fdef3a404

Comment by Greg (dolby) - Saturday, 26 March 2011, 09:55 GMT

Isnt this fixed in syslog-ng 3.2.2-2 in [testing] ?

The upstream bug report is still open..

Comment by Tobias Powalowski (tpowa) - Saturday, 26 March 2011, 09:57 GMT

Yes fixed in testing.

Comment by Greg (dolby) - Saturday, 26 March 2011, 10:28 GMT

This is supposed to be fixed in the kernel http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ee24aebffb75a7f940cf52c8cf6910947b3130c0

Comment by Tobias Powalowski (tpowa) - Saturday, 26 March 2011, 16:09 GMT

Well, i patched syslog now, I think thats enough for now.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#22555 - Upcoming syslog breakage with kernel 2.6.38

Details

Loading...