On Sat, 30 Jan 2016, Michael Biebl wrote:

2016-01-30 2:56 GMT+01:00 David Lang <[email protected]>:

PrivateTmp=yes


what use of /tmp does rsyslog make? If none, can we just block access rather
than going to all the effort of creating a custom version?

This can also affect things that rsyslog runs through omprog/etc. so
documentation is needed.

programs spawned by omprog would have access to the rsyslog tmpdir, so
that shouldn't be an issue.

The only problem I can see is, if you set up an external component to
e.g. log to /tmp/file and then let imfile read from that.
rsyslog wouldn't have access to /tmp/file in that case.


Do people do that in practice?

without seeing any context around this, the answer is always going to be "yes" :-)

the question is if it's common enough to be an issue. I think the protection is worth the hassle, but we need to document this in the omprog, mmexternal, imfile and troubleshooting sections.

or maybe just add a section to troubleshooting talking about non-obvious permission issues, SELinux, AppArmor, SMACK, these systemd options, etc. And then link to it from everywhere we can see it applying (adding links as people trip over it in other contexts)

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.
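
Added example, not part of the original thread or of rsyslog: a small check for the case raised above, where the unit sets PrivateTmp=yes and an imfile input points at a file under /tmp that an external program writes. The function names, the sample unit and the sample rsyslog configuration are constructed for illustration, and only boolean values of PrivateTmp= are handled.

```python
import re

# systemd mounts private copies of these directories when PrivateTmp= is on.
PRIVATE_DIRS = ("/tmp", "/var/tmp")

def private_tmp_enabled(unit_text):
    """True if the last PrivateTmp= in [Service] is a truthy systemd boolean."""
    section, value = None, "no"
    for line in unit_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, val = line.partition("=")
        if section == "Service" and sep and key.strip() == "PrivateTmp":
            value = val.strip().lower()
    return value in ("yes", "true", "on", "1")

def imfile_paths(conf_text):
    """Collect imfile File= paths from RainerScript and legacy directives."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf_text)  # drop comment lines
    paths = []
    for body in re.findall(r"input\s*\(([^)]*)\)", conf, re.I):
        if re.search(r'type\s*=\s*"imfile"', body, re.I):
            paths += re.findall(r'\bfile\s*=\s*"([^"]+)"', body, re.I)
    paths += re.findall(r"(?m)^\s*\$InputFileName\s+(\S+)", conf)
    return paths

def hidden_by_private_tmp(unit_text, conf_text):
    """imfile paths that rsyslog would look for in its private tmp instead."""
    if not private_tmp_enabled(unit_text):
        return []
    return [p for p in imfile_paths(conf_text)
            if any(p == d or p.startswith(d + "/") for d in PRIVATE_DIRS)]

# Constructed sample inputs (not taken from any real system).
UNIT = """[Unit]
Description=System Logging Service
[Service]
ExecStart=/usr/sbin/rsyslogd -n
PrivateTmp=yes
"""
CONF = """module(load="imfile")
input(type="imfile" File="/tmp/file" Tag="external:")
input(type="imfile" File="/var/log/app/app.log" Tag="app:")
$InputFileName /var/tmp/legacy.log
"""

if __name__ == "__main__":
    for path in hidden_by_private_tmp(UNIT, CONF):
        print("imfile path not visible to rsyslog under PrivateTmp:", path)
```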
