Okay. /proc/kmsg, somewhere in linux-2.6, was changed so CAP_SYS_ADMIN is checked for every read, not just when it's opened. Giving klogd CAP_SYS_ADMIN capabilities is like giving 90% of root's capabilities... klogd would have privileges on all memory and discs, but wouldn't be able to renice processes. So dropping klogd from root to CAP_SYS_ADMIN is a joke.
There are two choices, as I see it. Run klogd as root and use grsecurity access control to disallow it to do anything it shouldn't, even though it is still root. Or modify the kernel to allow a specific uid, or non-POSIX-capability, to open /proc/kmsg specifically for klogd's needs... or revert the change to linux-2.6 to use linux-2.4's behavior to only check capabilities for the initial open.

klogd can also use syslog(2), but the situation is the same. syslog(2) might be more multithreaded... the proc manual page says no two processes should be reading /proc/kmsg at the same time. I haven't checked how this would affect dmesg(8).

Making some grsecurity ACLs is perhaps the most reasonable, but the least hard-coded.

robert
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
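
A small probe for the behaviour described in the message above, as an added example (not part of the original post and not klogd's code): it opens a file with the caller's privileges, drops to an unprivileged uid/gid, and reports whether a later read is still permitted. The function name, the result codes and the default id 65534 are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                 /* for setgroups() */
#endif
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

enum probe { PROBE_OPEN_FAILED, PROBE_DROP_FAILED, PROBE_READ_OK,
             PROBE_READ_DENIED, PROBE_READ_ERROR };

/* Open `path` with current privileges, switch to uid/gid, then read once.
 * Passing the current effective ids skips the drop (baseline measurement). */
enum probe probe_read_after_drop(const char *path, uid_t uid, gid_t gid)
{
    char buf[512];
    int fd = open(path, O_RDONLY | O_NONBLOCK);  /* never block on an empty log */
    if (fd < 0)
        return PROBE_OPEN_FAILED;
    if (uid != geteuid() || gid != getegid()) {
        /* Order matters: supplementary groups, then gid, then uid. */
        if ((geteuid() == 0 && setgroups(0, NULL) != 0) ||
            setgid(gid) != 0 || setuid(uid) != 0) {
            close(fd);
            return PROBE_DROP_FAILED;
        }
    }
    ssize_t n = read(fd, buf, sizeof buf);
    int err = errno;
    close(fd);
    if (n >= 0 || err == EAGAIN)                 /* EAGAIN: allowed, no data yet */
        return PROBE_READ_OK;
    return (err == EPERM || err == EACCES) ? PROBE_READ_DENIED : PROBE_READ_ERROR;
}

int main(int argc, char **argv)
{
    static const char *msg[] = {
        "open failed (start this probe as root)", "privilege drop failed",
        "read allowed after drop: privileges checked at open only",
        "read denied after drop: privileges checked on every read",
        "read failed for another reason" };
    /* 65534 is an assumed unprivileged id ("nobody" on many systems). */
    uid_t uid = argc > 1 ? (uid_t)strtoul(argv[1], NULL, 10) : 65534;
    enum probe r = probe_read_after_drop("/proc/kmsg", uid, (gid_t)uid);
    puts(msg[r]);
    return r == PROBE_READ_OK ? 0 : 1;
}
```

Run it on a test machine with klogd stopped, since a successful read takes data from /proc/kmsg and the message above notes that two processes should not read it at the same time.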
