It looks like this will be dealt with on kernel side: for 2.6.38, CAP_SYS_ADMIN will continue working, later on, a sysctl will be set, which controls whether
we need CAP_SYSLOG or CAP_SYS_ADMIN, and that's reasonably easy to query, and adapt to.
Once the kernel folk figure this out and the patch lands in the kernel, I will prepare a syslog-ng patch that checks the sysctl setting, and acts accordingly.
Thursday, February 3, 2011
syslog-ng and CAP_SYSLOG. part 2
Gergely Nagy wrote: