SLES10 SP4
I try to setup syslog-ng-1.6.8-20.23.1 for sending messages through a pipe:
destination mail-alert { pipe("/var/tmp/mailpipe" group(root)
perm(0600)); };
This is supposed to be used for email alerts. The pipe is like:
ls -l /var/tmp/mailpipe
prw-rw-rw- 1 root root 0 2012-06-20 17:51 /var/tmp/mailpipe
But still I get the message:
Jun 20 18:23:04 test syslog-ng[31178]: Cannot open file
/var/tmp/mailpipe for writing (Permission denied)
As far as I understand syslog-ng it runs with UID 0. It also writes
happily to /dev/tty10 and /dev/xconsole which are set up in the SUSE
standard configuration for syslog. So what is the problem here?
Anything interesting in /var/log/audit/* when this happens? Maybe
AppArmor is protecting your system from the evil service’s attempts to
access your pipe (that is AppArmor’s job, after all). Can you, as root,
write to the pipe? Are you doing something on the far side of that pipe
to pull data out as they are entered in? I’d expect something other
than permission denied if not (my testing indicates the same… a hung
process instead), but still may be worth testing for fun.
Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
Anything interesting in /var/log/audit/* when this happens? Maybe
AppArmor is protecting your system from the evil service’s attempts to
access your pipe (that is AppArmor’s job, after all).[/color]
Thanks for the hint to nanny software AppArmor. From the audit.log:
With an additional entry “/var/tmp/mailpipe rw,” in
/etc/apparmor.d/sbin.syslog-ng it actually works after a restart of
apparmor. I did not have this on my personal list for debugging stuff as
AppArmor is configured for very processes only on a SUSE standard
installation. I should learn a bit more about it, though.