On Fri, 24 Sep 2021, Stuart Henderson wrote:

> This is amongst the reasons why OpenBSD has the sendsyslog(2) syscall,
> https://man.openbsd.org/sendsyslog.2 - the syslog daemon opens a
> kernel socket to receive those messages, and processes which want to
> write a log entry just call the standard syslog functions which use

Oh, nice.

> The description was for /var/data/chroot/<username>/dev/log i.e. each
> user has their own separate chroot. So this type of approach would
> require mounting a local fs of some sort over the top of each user's dir

This made me curious, and I tried¹ this. It is possible to bind-mount
sockets on Linux iff the target exists as a regular file.

    sudo touch /var/data/chroot/<username>/dev/log    # but beware of
                                                      # filesystem-based
                                                      # attacks here!
    sudo mount --bind /dev/log /var/data/chroot/<username>/dev/log

① I went and began using this technology here:
  https://github.com/mirabilos/shellsnippets/blob/master/posix/debchroot.sh

bye,
//mirabilos
-- 
Infrastructure expert • tarent solutions GmbH
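The "beware of filesystem-based attacks" caveat in the mail above, as an added example that is not part of the original mail or of debchroot.sh: the touch runs as root, so the script first refuses any chroot whose dev/ or dev/log could have been swapped for a symlink by the user. Assumptions: `stat -c` is available, the chroot and its dev/ belong to uid 0, and the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example, not from the original mail. Assumes `stat -c`; the owner
# uid is a parameter so the checks can be exercised without root.

# check_dir DIR UID: DIR is a real directory, owned by UID, and not
# writable by group or others.
check_dir() {
    if [ -L "$1" ] || [ ! -d "$1" ]; then
        echo "refusing: $1 is a symlink or not a directory" >&2; return 1
    fi
    cd_uid=$(stat -c %u "$1") || return 1
    cd_mode=$(stat -c %a "$1") || return 1
    if [ "$cd_uid" != "$2" ]; then
        echo "refusing: $1 is owned by uid $cd_uid, expected $2" >&2; return 1
    fi
    case $cd_mode in
        *[2367]?|*[2367])   # write bit set in the group or other digit
            echo "refusing: $1 has mode $cd_mode" >&2; return 1 ;;
    esac
    return 0
}

# check_log_target CHROOT [UID]: vet CHROOT, CHROOT/dev and CHROOT/dev/log.
check_log_target() {
    ct_uid=${2:-0}
    check_dir "$1" "$ct_uid" || return 1
    check_dir "$1/dev" "$ct_uid" || return 1
    if [ -L "$1/dev/log" ]; then
        echo "refusing: $1/dev/log is a symlink" >&2; return 1
    fi
    # Absent is fine (created later); a regular file or an already
    # bind-mounted socket is fine; anything else is not.
    if [ -e "$1/dev/log" ] && [ ! -f "$1/dev/log" ] && [ ! -S "$1/dev/log" ]; then
        echo "refusing: $1/dev/log has an unexpected file type" >&2; return 1
    fi
    return 0
}

# bind_log CHROOT: run as root; creates the mount point only after the checks.
bind_log() {
    check_log_target "$1" 0 || return 1
    if [ ! -e "$1/dev/log" ]; then
        # noclobber: fail rather than truncate a file that appeared meanwhile
        ( set -C; : > "$1/dev/log" ) || return 1
    fi
    mount --bind /dev/log "$1/dev/log"
}

if [ "$#" -gt 0 ]; then bind_log "$1"; fi
```

The checks cover only the chroot directory and its dev/; the directories above the chroot are assumed to be vetted already.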