<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Nov 30, 2017 at 5:27 AM, Michael Biebl <span dir="ltr"><<a href="mailto:mbiebl@gmail.com" target="_blank">mbiebl@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
today I tried to lock down the rsyslog.service that I have on my system.<br>
<br>
For that I first created an override.conf that contained<br>
<br>
[Service]<br>
ProtectHome=yes<br>
PrivateTmp=yes<br>
PrivateDevices=yes<br>
<br>
ProtectSystem=strict<br>
ReadWritePaths=/var/log<br>
ReadWritePaths=/var/spool/<wbr>rsyslog<br>
ReadWritePaths=/proc/kmsg<br></blockquote><div><br></div><div>Are you using imklog or imkmsg? The latter would require the new /dev/kmsg interface (which probably conflicts with PrivateDevices= above).</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Unfortunately, rsyslog.service failed to start:<br>
● rsyslog.service - System Logging Service<br>
   Loaded: loaded (/lib/systemd/system/rsyslog.<wbr>service; enabled;<br>
vendor preset: enabled)<br>
  Drop-In: /etc/systemd/system/rsyslog.<wbr>service.d<br>
           └─override.conf<br>
   Active: failed (Result: exit-code) since Thu 2017-11-30 04:25:03 CET; 2s ago<br>
     Docs: man:rsyslogd(8)<br>
           <a href="http://www.rsyslog.com/doc/" rel="noreferrer" target="_blank">http://www.rsyslog.com/doc/</a><br>
  Process: 2734 ExecStart=/usr/sbin/rsyslogd -n (code=exited, status=1/FAILURE)<br>
 Main PID: 2734 (code=exited, status=1/FAILURE)<br></blockquote><div><br></div><div>Well, it does say that the failure comes from rsyslogd itself, not from the namespace setup...</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
The journal doesn't contain anything useful.<br></blockquote><div><br></div><div>I'm guessing rsyslog will log its own errors to /var/log/syslog rather than stderr.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Any hints how I can further debug this why rsyslog fails to start?<br></blockquote><div><br></div><div>rsyslogd -d -d -d</div><div><br></div><div>strace</div></div><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Mantas Mikulėnas <<a href="mailto:grawity@gmail.com" target="_blank">grawity@gmail.com</a>></div></div>
</div></div>