23002702 rsyslogd $FileGroup directive broken due to restrictive privilege in start metho
--- a/components/rsyslog/Makefile Thu Sep 22 14:47:13 2016 +0200
+++ b/components/rsyslog/Makefile Tue Oct 04 09:03:46 2016 +0200
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
#
include ../../make-rules/shared-macros.mk
@@ -85,6 +85,10 @@
# /usr/lib/rsyslog .
CONFIGURE_LIBDIR.64 = $(CONFIGURE_LIBDIR.32)
+# Rsyslog sources contain __FILE__ macros which contain full path to the workspace
+# This may appear in debug output which is not nice. By specifying the source
+# path relative we force the macro to be relative path too.
+CONFIGURE_OPTIONS += --srcdir=../../$(COMPONENT_NAME)-$(COMPONENT_VERSION)
CONFIGURE_OPTIONS += --enable-imsolaris
CONFIGURE_OPTIONS += --enable-mail
CONFIGURE_OPTIONS += --enable-gssapi_krb5
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/rsyslog/TESTING Tue Oct 04 09:03:46 2016 +0200
@@ -0,0 +1,30 @@
+# check version
+/usr/lib/rsyslog/rsyslogd -v
+
+
+
+# test that rsyslog does not contain our workspace path but rather relative paths
+/usr/lib/rsyslog/rsyslogd -d -n 2>&1 | grep ': source file'
+
+
+
+# Disable native syslog, enable rsyslog
+svcadm disable system/system-log:default
+sleep 5
+svcadm enable system/system-log:rsyslog
+sleep 5
+svcs -x
+
+
+
+======================= to the end of /etc/rsyslog.conf ========================
+$FileGroup openldap
+*.* /var/tmp/openldap
+$ResetConfigVariables
+================================================================================
+rm -f /var/tmp/openldap
+svcadm restart system/system-log:rsyslog
+logger -p error "openldap"
+ls -l /var/tmp/openldap
+-rw-r--r-- 1 root openldap 2873 Jun 22 10:36 /var/tmp/openldap
+# Make sure that the new file has 'openldap' group
--- a/components/rsyslog/files/rsyslog.xml Thu Sep 22 14:47:13 2016 +0200
+++ b/components/rsyslog/files/rsyslog.xml Tue Oct 04 09:03:46 2016 +0200
@@ -3,7 +3,7 @@
<!--
- Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
NOTE: This service manifest is not editable; its contents will
be overwritten by package or patch operations, including
@@ -28,7 +28,7 @@
<method_context>
<method_credential
user='root' group='root'
- privileges='basic,net_privaddr' />
+ privileges='basic,net_privaddr,file_chown_self' />
</method_context>
</exec_method>