
I am trying to use rsyslog or syslog-ng inside a non-privileged container in Kubernetes. I have managed to get most of it working, but the one place I am stuck is the /dev/log socket.

The rsyslog/syslog-ng fails to create this socket without privilege which is kind of expected as /dev is owned by root.

```
Error binding socket; addr='AF_UNIX(/dev/log)', error='Permission denied (13)
```

I am unable to modify the permissions of /dev to allow my user, as my changes from the image get overwritten when a pod is created, most likely because these are used from the host machine.

So the only way seems to be to use capabilities to make it work.

Anyone else had luck using rsyslog or syslog-ng without any capabilities? Or is there any way to create /dev/log socket without any privilege?

Any leads appreciated.

user55342
  • Which Kubernetes version are you using? How did you setup non-privileged container? Could you share your yaml file with pod / deployment definition so your example will be [reproducible](https://stackoverflow.com/help/minimal-reproducible-example)? Which exactly command from rsyslog / syslog-ng are you running to create a socket? – Mikolaj S. Nov 29 '21 at 13:10

1 Answer


You could make /dev/log a symlink to a directory where syslog-ng has write permission, something like this:

```
source s_local {
  unix-dgram("/var/run/syslog-ng/log-socket" ...);
};
```

With this you would need to create the /dev/log symlink when the image is created. I assume that the image is in your control.

bazsi77
  • The /dev/ partition is not maintained in the image and is instead added after the pod is created, so I cannot modify or add any symbolic links to that path. – user55342 Aug 17 '22 at 18:55
  • It all depends on what you want to accomplish with the /dev/log socket. You might want to run syslog-ng on the host and bind mount the /dev/log socket into the containers using hostpath https://kubernetes.io/docs/concepts/storage/volumes/#hostpath – bazsi77 Aug 18 '22 at 21:51
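
The idea in the answer above, shown from both ends as an added example (not code from the original posts or from syslog-ng): an unprivileged process binds a datagram socket in a directory it can write to, and a client that lets you set the socket path logs there instead of to /dev/log. The temporary directory stands in for /var/run/syslog-ng, and the `demo-app` logger and the helper names are hypothetical.

```python
import logging
import logging.handlers
import os
import socket
import stat
import tempfile


def bind_log_socket(directory):
    """Bind a syslog-style datagram socket inside a directory we can write to."""
    path = os.path.join(directory, "log-socket")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    srv.bind(path)          # creates the socket inode; needs write access to `directory` only
    os.chmod(path, 0o660)   # owner and group only; widen only if other UIDs must log
    srv.settimeout(2.0)
    return srv, path


def send_and_receive(text):
    """Send one record through SysLogHandler and return (raw datagram, socket mode)."""
    with tempfile.TemporaryDirectory() as rundir:  # stands in for /var/run/syslog-ng
        srv, path = bind_log_socket(rundir)
        handler = logging.handlers.SysLogHandler(address=path)  # instead of /dev/log
        log = logging.getLogger("demo-app")  # hypothetical application logger
        log.setLevel(logging.INFO)
        log.addHandler(handler)
        try:
            log.info(text)
            data = srv.recv(4096)
            mode = stat.S_IMODE(os.stat(path).st_mode)
        finally:
            log.removeHandler(handler)
            handler.close()
            srv.close()
    return data, mode


def parse_pri(datagram):
    """Split the <PRI> header into (facility, severity, message)."""
    end = datagram.index(b">")
    pri = int(datagram[1:end])
    return pri >> 3, pri & 7, datagram[end + 1:].rstrip(b"\x00").decode()


if __name__ == "__main__":
    raw, mode = send_and_receive("hello from an unprivileged process")
    print(parse_pri(raw), oct(mode))
```

Programs that call the C library's `syslog()` have the /dev/log path fixed, which is why the answer pairs the relocated socket with a symlink.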