Syslog and Chrooted application's logs

Hi,

I have two chrooted services, bind8 and apache. They are chrooted via compartment and I have a parameter which is identical in both of the init files init_bind8 (from the README of compartment) and init_apache

DEV_LOG="/jail/dev/log"

and in the /etc/rc.config file in

SYSLOGD_PARAMS="-a /jail/dev/log"

I have chrooted bind logging properly to the main system log while chrooted apache persists to log "/jail/apache/var/log/httpd"

What is the silly mistake I am doing here?

-- Togan Muftuoglu

Hi Togan,

On 2002.01.27 18:51 Togan Muftuoglu wrote:
> Hi,
> I have two chrooted services, bind8 and apache. They are chrooted via compartment and I have a parameter which is identical in both of the init files init_bind8 (from the README of compartment) and init_apache
> DEV_LOG="/jail/dev/log"
> and in the /etc/rc.config file in
> SYSLOGD_PARAMS="-a /jail/dev/log"
> I have chrooted bind logging properly to the main system log while chrooted apache persists to log "/jail/apache/var/log/httpd"
> What is the silly mistake I am doing here?

I think your problem is that apache doesn't use syslog - it has its own log files as set in httpd.conf file (probably set to be /var/log/httpd/access_log and friends).

Good Luck,
Maf.

> -- Togan Muftuoglu

* Togan Muftuoglu wrote on Sun, Jan 27, 2002 at 20:51 +0200:
> I have chrooted bind logging properly to the main system log while chrooted apache persists to log "/jail/apache/var/log/httpd"

You "chroot /jail", yes? Did you configure apache to log to /apache/var/log/httpd.log? Of course apache cannot see /jail, since it's chrooted. AFAIK, it's not possible to configure apache to log via syslog.

oki,
Steffen

-- This letter was generated by machine and therefore bears neither signature nor seal.

On Sunday 27 January 2002 20:24, Steffen Dettmer wrote:
> * Togan Muftuoglu wrote on Sun, Jan 27, 2002 at 20:51 +0200:
> > I have chrooted bind logging properly to the main system log while chrooted apache persists to log "/jail/apache/var/log/httpd"
> You "chroot /jail", yes? Did you configure apache to log to /apache/var/log/httpd.log? Of course apache cannot see /jail, since it's chrooted. AFAIK, it's not possible to configure apache to log via syslog.

It does allow you to log to programs, they have examples in the Apache logrotate info. Perhaps logging into a script which calls logger(1) would be a solution.

/home/rob> ldd `which logger`
libc.so.6 => /lib/libc.so.6 (0x4002e000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

Looks like only libc, so it should be feasible to run in a chroot.

How safe is a Linux chroot(2)? I know that OpenBSD has fixes and some notes about chroot(2) problems, and also FreeBSD has introduced a jail(2). AFAIK a security workaround for the chroot area against breakouts sufficed, that was to alter '..' link to point to inode of '.' in the root of the chroot filesystem, at price of confusing programs like find(1).

/home/rob> ls -lid /{,..,.}
2 drwxr-xr-x 21 root root 507 Jan 23 23:18 /
2 drwxr-xr-x 21 root root 507 Jan 23 23:18 /
2 drwxr-xr-x 21 root root 507 Jan 23 23:18 /.

Rob
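
Added example, not part of the original thread: a small piped-log helper of the kind Rob suggests, which reads Apache log lines on stdin and passes each one to logger(1) so they reach the host syslogd through the jail's /dev/log socket. The script name and path, the tag format and the local6 facility are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: forward Apache piped-log output to syslog from inside a chroot.
# Assumed httpd.conf lines (script path is hypothetical, relative to the jail):
#   CustomLog "|/usr/local/bin/httpd2syslog access" combined
#   ErrorLog  "|/usr/local/bin/httpd2syslog error"
# Inside the jail, logger(1) writes to /dev/log, which is the extra socket the
# host syslogd opens because of SYSLOGD_PARAMS="-a /jail/dev/log".

LOGGER=${LOGGER:-logger}      # overridable, so the script can be tested
FACILITY=${FACILITY:-local6}  # assumption: a facility set aside for httpd

# Map the stream name from the command line to a syslog priority.
priority_for() {
    case "$1" in
        access) echo "$FACILITY.info" ;;
        error)  echo "$FACILITY.err" ;;
        *)      return 1 ;;
    esac
}

# Read log lines from stdin and hand each non-empty one to logger(1).
forward() {
    prio=$(priority_for "$1") || { echo "usage: $0 access|error" >&2; return 2; }
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        # "--" ends option parsing, so a line starting with "-" stays a message.
        "$LOGGER" -t "httpd-$1" -p "$prio" -- "$line"
    done
}

# Run only when invoked with a stream name, as Apache would start it.
if [ $# -ge 1 ]; then forward "$1"; fi
```

The jail needs a copy of logger, the libraries shown in the ldd output above, and a shell for the script itself.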
participants (4)
- Maf . King
- Robert Davies
- Steffen Dettmer
- Togan Muftuoglu