diff options
| author | Parabola <dev@list.parabolagnulinux.org> | 2011-10-17 14:16:38 +0000 |
|---|---|---|
| committer | Parabola <dev@list.parabolagnulinux.org> | 2011-10-17 14:16:38 +0000 |
| commit | e1b3d592f43a99f4ed7c91971deda6ce8414dd69 (patch) | |
| tree | 38fecdc19b201d4d28df13c22e9b3b45bb469e4b /core/syslog-ng | |
| parent | d286d980d2ff42151e9bc81ec348c864c24f9cc4 (diff) | |
Mon Oct 17 14:16:38 UTC 2011
Diffstat (limited to 'core/syslog-ng')
| -rw-r--r-- | core/syslog-ng/cap_syslog.patch | 101 | ||||
| -rw-r--r-- | core/syslog-ng/non-blocking-systemd-fds.patch | 32 |
2 files changed, 0 insertions, 133 deletions
diff --git a/core/syslog-ng/cap_syslog.patch b/core/syslog-ng/cap_syslog.patch deleted file mode 100644 index b6e6db6e4..000000000 --- a/core/syslog-ng/cap_syslog.patch +++ /dev/null @@ -1,101 +0,0 @@ -diff --git a/lib/gprocess.h b/lib/gprocess.h -index cda35b0..5c449f7 100644 ---- a/lib/gprocess.h -+++ b/lib/gprocess.h -@@ -28,9 +28,14 @@ - #include "syslog-ng.h" - - #include <sys/types.h> -+#include <sys/utsname.h> - - #if ENABLE_LINUX_CAPS - # include <sys/capability.h> -+# -+# ifndef CAP_SYSLOG -+# define CAP_SYSLOG 34 -+# endif - #endif - - typedef enum -@@ -78,5 +83,8 @@ void g_process_finish(void); - - void g_process_add_option_group(GOptionContext *ctx); - -+extern int kernel_version; -+extern void get_kernel_version(void); -+#define LINUX_VERSION(x,y,z) (0x10000*(x) + 0x100*(y) + z) - - #endif -diff --git a/modules/affile/affile.c b/modules/affile/affile.c -index e145324..886fa72 100644 ---- a/modules/affile/affile.c -+++ b/modules/affile/affile.c -@@ -59,7 +59,12 @@ affile_open_file(gchar *name, gint flags, - if (privileged) - { - g_process_cap_modify(CAP_DAC_READ_SEARCH, TRUE); -- g_process_cap_modify(CAP_SYS_ADMIN, TRUE); -+ if (!kernel_version) -+ get_kernel_version(); -+ if (kernel_version < LINUX_VERSION(2, 6, 38)) -+ g_process_cap_modify(CAP_SYS_ADMIN, TRUE); -+ else -+ g_process_cap_modify(CAP_SYSLOG, TRUE); - } - else - { -diff --git a/syslog-ng/main.c b/syslog-ng/main.c -index 9880c1f..ee5031b 100644 ---- a/syslog-ng/main.c -+++ b/syslog-ng/main.c -@@ -67,6 +67,7 @@ static gboolean syntax_only = FALSE; - static gboolean display_version = FALSE; - static gchar *ctlfilename = PATH_CONTROL_SOCKET; - static gchar *preprocess_into = NULL; -+int kernel_version; - - static volatile sig_atomic_t sig_hup_received = FALSE; - static volatile sig_atomic_t sig_term_received = FALSE; -@@ -363,6 +364,20 @@ version(void) - ON_OFF_STR(ENABLE_PACCT_MODULE)); - } - -+void -+get_kernel_version(void) { -+ static struct utsname uts; -+ int x = 0, y = 0, z = 0; -+ -+ if (uname(&uts) == -1) { -+ fprintf(stderr, "Unable to retrieve kernel version.\n"); -+ exit(1); -+ } -+ -+ sscanf(uts.release, "%d.%d.%d", &x, &y, &z); -+ kernel_version = LINUX_VERSION(x, y, z); -+} -+ - int - main(int argc, char *argv[]) - { -@@ -379,9 +394,20 @@ main(int argc, char *argv[]) - * indicate readability. Enabling/disabling cap_sys_admin on every poll - * invocation seems to be too expensive. So I enable it for now. */ - -- g_process_set_caps("cap_net_bind_service,cap_net_broadcast,cap_net_raw," -+ if (!kernel_version) -+ get_kernel_version(); -+ if (kernel_version < LINUX_VERSION(2, 6, 34)) -+ g_process_set_caps("cap_net_bind_service,cap_net_broadcast,cap_net_raw," - "cap_dac_read_search,cap_dac_override,cap_chown,cap_fowner=p " - "cap_sys_admin=ep"); -+ else if (kernel_version < LINUX_VERSION(2, 6, 38)) -+ g_process_set_caps("cap_net_bind_service,cap_net_broadcast,cap_net_raw," -+ "cap_dac_read_search,cap_dac_override,cap_chown,cap_fowner," -+ "cap_sys_admin=p"); -+ else -+ g_process_set_caps("cap_net_bind_service,cap_net_broadcast,cap_net_raw," -+ "cap_dac_read_search,cap_dac_override,cap_chown,cap_fowner," -+ "cap_syslog=p"); - ctx = g_option_context_new("syslog-ng"); - g_process_add_option_group(ctx); - msg_add_option_group(ctx); diff --git a/core/syslog-ng/non-blocking-systemd-fds.patch b/core/syslog-ng/non-blocking-systemd-fds.patch deleted file mode 100644 index bd056088b..000000000 --- a/core/syslog-ng/non-blocking-systemd-fds.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 2f214c4f87d944aa28d53e331a67b1fd88d9840f Mon Sep 17 00:00:00 2001 -From: Balazs Scheidler <bazsi@balabit.hu> -Date: Wed, 22 Jun 2011 12:50:53 +0200 -Subject: [PATCH] systemd: make sure the acquired fd is in non-blocking mode - -The fd acquired from systemd is in blocking mode, and syslog-ng -didn't explicitly set it to non-blocking, causing syslog-ng -to stall. This patch changes that, explicitly enables -O_NONBLOCK and O_CLOEXEC on systemd acquired fds. - -Reported-By: Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> -Signed-off-by: Balazs Scheidler <bazsi@balabit.hu> ---- - modules/afsocket/afunix.c | 2 ++ - 1 files changed, 2 insertions(+), 0 deletions(-) - -diff --git a/modules/afsocket/afunix.c b/modules/afsocket/afunix.c -index cd9c205..9a4e37b 100644 ---- a/modules/afsocket/afunix.c -+++ b/modules/afsocket/afunix.c -@@ -108,6 +108,8 @@ afunix_sd_acquire_socket(AFSocketSourceDriver *s, gint *result_fd) - - if (*result_fd != -1) - { -+ g_fd_set_nonblock(*result_fd, TRUE); -+ g_fd_set_cloexec(*result_fd, TRUE); - msg_verbose("Acquired systemd socket", - evt_tag_str("filename", self->filename), - evt_tag_int("systemd-sock-fd", *result_fd), --- -1.7.5.4 - |