There have been efforts to patch the recent 2.6 kernel so user klogd can read /proc/kmsg, but they circumvent selinux's access controls, so they were rejected.
Ubuntu's sysklogd_1.4.1-16ubuntu6.diff adds a -P option to klogd so klogd can read from a pipe. From the boot script 'dd' runs as root and pipes from /proc/kmsg to /var/run/klogd/kmsg, and the klogd user has permission to read /var/run/klogd/kmsg. And the only way to keep /var/run/klogd/kmsg from growing out of control is to restart the boot script once in a while to remove /var/run/klogd/kmsg. I think this will work fairly well. 'dd' is a pretty secure program, but an assembly version would be best. I found a dd.asm in asmutils-0.18, but it's in nasm syntax. Or at least a version of 'dd' that ignores environment, preload, and locales. robert
pgpsloEMgdwPc.pgp
Description: PGP signature
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
