Fri, 01 Oct 2004
syslog(3) and chroot(2)
Here’s a little bit of Unix esoterica that I just figured out. I’ve been
working on a patch to portmap to let it chroot itself, similar to what
BIND 9 does. It seemed to work perfectly, except that once it chrooted,
it wouldn’t syslog(3) anymore.
Now, the standard solution to this is to force the poor admin to make a logging
socked in $CHROOT/dev/log, and configure their syslogd to listen on that
socket. This is annoying, and adds to the reasons why admins don’t use chroot
as much as they could. I noticed that BIND 9 didn’t have this bug, and so
after poking around a bit, found the solution.
Turns out that openlog(3) doesn’t actually open the /dev/log file by
default. Instead, the file gets opened on first syslog(3). So, in order to
keep syslog(3) working after the chroot(2), the code should look something
like this:
openlog("foobard", LOG_CONS|LOG_PID|LOG_NDELAY, LOG_DAEMON);
...
chroot(chroot_dir);
...
syslog(LOG_ERR, "We're hozed!");