Hello, on Montag, 19. September 2011, Peter Czanik wrote:
On 09/15/2011 10:47 PM, Christian Boltz wrote:
I did not enable capabilities support in the syslog-ng package, as it was enforced by AppArmor anyway. But I have to reconsider it, if AppArmor is not installed by default...
Even with AppArmor installed, making your package more secure is always a good idea.
Or you just add a Requires: apparmor-profiles apparmor-utils ;-)
I tried it now and added --with-capabilities to configure, and BuildRequires: libcap-devel But starting syslog-ng now fails with:
linux-0a57:~ # syslog-ng -v syslog-ng: Error parsing capabilities: cap_net_bind_service,cap_net_broadcast,cap_net_raw,cap_dac_read_searc h,cap_dac_override,cap_chown,cap_fowner=p cap_syslog=ep
I was told, that this is a sign of too old capabilities package... cap_syslog was added around 2.6.38
Nice :-/ but not my area of responsibility ;-) Please direct update requests for libcap to # om libcap # [1] bugowner of Base:System/libcap : tiwai@suse.com maintainer of Base:System/libcap : - Or just to get this line in the syslog-ng.spec checked in: Requires: apparmor-profiles apparmor-utils ;-) Regards, Christian Boltz [1] "om" as in "osc maintainer -e openSUSE:Factory" - this alias is quite useful ;-) Please don't confuse it with my (non-random) signature... --
....Ommmmmm ....Ommmmmm .....Ommmmmm Pendel ----Pendel-----Pendel------ Mensch Axel: Sonst machst Du das doch mit der Glaskugel. Ist die schon wieder in der Spülmaschine? [Axel Lindlau u. Volker Kroll in suse-linux] -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org