[rsbac] granting syslog-ng the right to access /proc/rsbac-info/rmsg

Sven Seeland sven.seeland at gmx.de
Tue Jul 17 15:24:19 CEST 2007

Hi everybody...

I'm trying to set /proc/rsbac-info/rmsg as a source for syslog-ng but I keep 
getting this error:

<6>0000036345|rsbac_adf_request(): request GET_STATUS_DATA, pid 2218, ppid 1, 
prog_name syslog-ng, prog_file /usr/sbin/syslog-ng, uid 0, audit uid 400, remote 
ip, target_type SCD, tid rsbac_log, attr none, value none, result 

Now, I know you're supposed to run syslog-ng as a separate user but I'd really 
like to stick with Gentoo's init architecture and I have no clue as to how to 
hack a script to start a separate syslog under secoff credentials. The one point 
that irritates me is this: as root I can cat /proc/rsbac-info/rmsg without any 

Is there any way short of hacking the kernel sources to achieve this effect? Or 
is there a reliable way to filter everything that comes from RSBAC out of the 
Kernel messages?

Thanks a lot,

