packages: syslog-ng/cap_syslog.patch - add git header
arekm
arekm at pld-linux.org
Sat Sep 10 18:45:58 CEST 2011
Author: arekm Date: Sat Sep 10 16:45:58 2011 GMT
Module: packages Tag: HEAD
---- Log message:
- add git header
---- Files affected:
packages/syslog-ng:
cap_syslog.patch (1.3 -> 1.4)
---- Diffs:
================================================================
Index: packages/syslog-ng/cap_syslog.patch
diff -u packages/syslog-ng/cap_syslog.patch:1.3 packages/syslog-ng/cap_syslog.patch:1.4
--- packages/syslog-ng/cap_syslog.patch:1.3 Wed Jul 13 12:36:50 2011
+++ packages/syslog-ng/cap_syslog.patch Sat Sep 10 18:45:53 2011
@@ -1,3 +1,28 @@
+commit ae0ff59d9a761c2fda8a19b0c05e0e05c59bae57
+Author: Balazs Scheidler <bazsi at balabit.hu>
+Date: Thu May 12 13:11:58 2011 +0200
+
+ Use CAP_SYSLOG instead of CAP_SYS_ADMIN, if available.
+
+ If cap_syslog exists, the kernel will complain (once) that we only
+ have cap_sys_admin. Additionally, using cap_syslog instead of
+ cap_sys_admin significantly lowers the unneeded privs we are
+ using.
+
+ Upon startup, syslog-ng will detect whether CAP_SYSLOG is available,
+ and use capabilities based on that finding. This detection will also
+ have a side-effect, which will make it so that
+ g_process_cap_modify(CAP_SYSLOG) will fall back to CAP_SYS_ADMIN, if
+ CAP_SYSLOG support was not detected.
+
+ Thanks to Andrew Morgan for pointing out a nice way to detect whether
+ the kernel has CAP_SYSLOG. Original code by Serge Hallyn, with minor
+ changes based on Balazs Scheidler's review by Gergely Nagy.
+
+ Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
+ Signed-off-by: Gergely Nagy <algernon at balabit.hu>
+ Signed-off-by: Balazs Scheidler <bazsi at balabit.hu>
+
diff --git a/lib/gprocess.c b/lib/gprocess.c
index 38bcb12..e2159fc 100644
--- a/lib/gprocess.c
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/syslog-ng/cap_syslog.patch?r1=1.3&r2=1.4&f=u
More information about the pld-cvs-commit
mailing list