Репозитории ALT
S: | 1.8.0-alt1 |
5.1: | 1.4.1-alt30 |
4.1: | 1.4.1-alt28 |
4.0: | 1.4.1-alt27 |
3.0: | 1.4.1-alt20 |
Группа :: Система/Ядро и оборудование
Пакет: sysklogd
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: sysklogd-1.4.2-alt-syslogd-chroot.patch
Скачать
Скачать
diff -upk.orig sysklogd-1.4.2.orig/sysklogd.8 sysklogd-1.4.2/sysklogd.8
--- sysklogd-1.4.2.orig/sysklogd.8 2005-08-18 14:41:26 +0000
+++ sysklogd-1.4.2/sysklogd.8 2005-08-18 14:42:57 +0000
@@ -2,7 +2,7 @@
.\" May be distributed under the GNU General Public License
.\" Sun Aug 30 11:35:55 MET: Martin Schulze: Updates
.\"
-.TH SYSKLOGD 8 "8 October, 2001" "Version 1.4.1+CAEN/Owl" "Linux System Administration"
+.TH SYSKLOGD 8 "8 October, 2001" "Version 1.4.1+CAEN/Owl/ALT" "Linux System Administration"
.SH NAME
sysklogd \- Linux system logging utilities.
.SH SYNOPSIS
@@ -35,6 +35,9 @@ sysklogd \- Linux system logging utiliti
.RB [ " \-u"
.IB username
]
+.RB [ " \-j "
+.I chroot_dir
+]
.RB [ " \-v " ]
.LP
.SH DESCRIPTION
@@ -177,6 +180,19 @@ however, after a
the files will be reopened as the non-privileged user. You should
take this into account when deciding the ownership of the log files.
.TP
+.BI "\-j " chroot_dir
+Tells
+.B syslogd
+daemon to
+.BR chroot (2)
+into this directory after initializing.
+This option is only valid if the \-u option is also used to run
+.B syslogd
+without root privileges.
+Note that the use of this option will prevent
+.B SIGHUP
+from working which makes daemon reload practically impossible.
+.TP
.B "\-v"
Print version and exit.
.LP
diff -upk.orig sysklogd-1.4.2.orig/syslogd.c sysklogd-1.4.2/syslogd.c
--- sysklogd-1.4.2.orig/syslogd.c 2005-08-18 14:41:26 +0000
+++ sysklogd-1.4.2/syslogd.c 2005-08-18 14:42:57 +0000
@@ -780,6 +780,7 @@ int NoHops = 1; /* Can we bounce syslog
char *bind_addr = NULL; /* bind UDP port to this interface only */
char *server_user = NULL; /* user name to run server as */
+char *chroot_dir = NULL; /* user name to run server as */
extern int errno;
@@ -840,6 +841,11 @@ static int drop_root(void)
if (!pw->pw_uid) return -1;
+ if (chroot_dir) {
+ if (chdir(chroot_dir)) return -1;
+ if (chroot(".")) return -1;
+ }
+
if (initgroups(server_user, pw->pw_gid)) return -1;
if (setgid(pw->pw_gid)) return -1;
if (setuid(pw->pw_uid)) return -1;
@@ -900,7 +906,7 @@ int main(argc, argv)
funix[i] = -1;
}
- while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:u:v")) != EOF)
+ while ((ch = getopt(argc, argv, "a:dhf:i:j:l:m:np:rs:u:v")) != EOF)
switch((char)ch) {
case 'a':
if (nfunix < MAXFUNIX)
@@ -925,6 +931,9 @@ int main(argc, argv)
}
bind_addr = optarg;
break;
+ case 'j':
+ chroot_dir = optarg;
+ break;
case 'l':
if (LocalHosts) {
fprintf(stderr, "Only one -l argument allowed, "
@@ -966,6 +975,10 @@ int main(argc, argv)
if ((argc -= optind))
usage();
+ if (chroot_dir && !server_user) {
+ fputs("'-j' is only valid with '-u'\n", stderr);
+ exit(1);
+ }
#ifndef TESTING
if ( !(Debug || NoFork) )
{