[systemd-devel] journald: listening on multiple syslog sockets

Dmitry V. Levin ldv at altlinux.org
Sat Dec 1 06:09:38 PST 2012


Hi,

On Sun, Nov 25, 2012 at 12:19:27AM +0100, Lennart Poettering wrote:
[...]
> Currently, journald cannot listen on multiple syslog sockets (though we
> could certainly add that).
> 
> A simple alternative could be to just make /var/lib/ldap/dev/log
> symlinks? If you are using chroots and these paths hence cannot be
> symlinks into the host, then it might be possible to create a new subdir
> somewhere in /run or so, then copy /usr/lib/systemd/system/syslog.socket
> to /etc/systemd/system/syslog.socket and change it there to point to a
> socket in this new subdir. Then, bind mount this subdir into the various
> chroot environment, and symlink /dev/log each time.
> 
> Not pretty, but should work...

The situation is even more complicated than that because various chrooted
services have slightly different contents of their /dev/, some of them
have nothing there but /dev/log, others also rely on availability of some
relatively harmless devices like /dev/null, /dev/zero and /dev/urandom.
An appropriate directory structure for bind mounts would probably look
something like this:

/run/dev/
/run/dev/socket/
/run/dev/socket/log
/run/dev/urandom/
/run/dev/urandom/urandom
/run/dev/urandom/socket/ => /run/dev/socket/
/run/dev/urandom/log -> socket/log
/dev/log -> /run/dev/socket/log
/var/lib/bind/dev/ => /run/dev/socket/
/var/spool/postfix/dev/ => /run/dev/socket/
/var/lib/ldap/dev/ => /run/dev/urandom/

Note all these bind mounts would have to be maintained properly, that is,
mounted and unmounted in time and in proper order, thus making the whole
scheme a bit more complicated than configuring journald to listen on
multiple syslog sockets.

The interface I implemented some 10 years ago for syslogd is the
/etc/syslog.d/ directory, where each chrooted service has to create
(package) a symlink to the address it wants syslogd to listen on,
like in this example:

$ rpmquery -alv | grep ' -> .*/dev/log' | sort -k9
lrwxrwxrwx 1 root root 21 Nov  7 08:17 /etc/syslog.d/bind -> /var/lib/bind/dev/log
lrwxrwxrwx 1 root root 27 Nov 28 17:49 /etc/syslog.d/dhcpd -> /var/lib/dhcp/dhcpd/dev/log
lrwxrwxrwx 1 root root 21 Sep 18 11:39 /etc/syslog.d/ldap -> /var/lib/ldap/dev/log
lrwxrwxrwx 1 root root 20 Nov 26 12:47 /etc/syslog.d/nut -> /var/lib/nut/dev/log
lrwxrwxrwx 1 root root 26 Nov 28 10:32 /etc/syslog.d/postfix -> /var/spool/postfix/dev/log

The advantage of this configuration approach is that each chrooted service
has a straightforward way of configuring /dev/log for its chroot without
meddling in syslogd configuration at the risk of interfering with other
chrooted services.


-- 
ldv
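
The /etc/syslog.d/ convention described in the message above, as an added example that is not part of the original message and is not syslogd's code: it walks such a directory and lists the addresses a log daemon would be asked to listen on. The function name, the acceptance rules (absolute target, no dot components, must end in /dev/log, no duplicates) and the sample entries are assumptions of this example.

```shell
#!/bin/sh
# Added example. Lists the socket addresses requested through an
# /etc/syslog.d-style directory of symlinks (name -> .../dev/log).
# The acceptance rules are assumptions of this example, not syslogd's.
nl='
'
syslog_d_sockets() {
    dir=$1
    seen=''
    for entry in "$dir"/*; do
        name=${entry##*/}
        if [ ! -L "$entry" ]; then
            # Regular files are reported; an unexpanded glob (empty dir) is silent.
            if [ -e "$entry" ]; then echo "skip $name: not a symlink" >&2; fi
            continue
        fi
        # Plain readlink: the socket need not exist yet, so do not canonicalize.
        target=$(readlink "$entry")
        case $target in
            /*) ;;
            *) echo "skip $name: relative target" >&2; continue ;;
        esac
        case $target in
            */../*|*/./*) echo "skip $name: dot components in target" >&2; continue ;;
        esac
        case $target in
            */dev/log) ;;
            *) echo "skip $name: target is not a dev/log address" >&2; continue ;;
        esac
        # One entry must not claim an address an earlier entry already requested.
        case "$nl$seen" in
            *"$nl$target$nl"*) echo "skip $name: duplicate address" >&2; continue ;;
        esac
        seen="$seen$target$nl"
        printf '%s\t%s\n' "$name" "$target"
    done
}

# Constructed sample directory; dangling symlinks are enough for listing.
demo() {
    d=$(mktemp -d) || return 1
    ln -s /var/lib/bind/dev/log "$d/bind"
    ln -s /var/spool/postfix/dev/log "$d/postfix"
    ln -s /var/lib/bind/dev/log "$d/zz-dup"
    ln -s ../../dev/log "$d/relative"
    ln -s /var/lib/ldap/dev/../../../../dev/log "$d/dotdot"
    : > "$d/README"
    syslog_d_sockets "$d"
    rm -rf "$d"
}
demo
```

Accepted entries go to stdout as name and address separated by a tab; rejected entries are reported on stderr with the reason.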