I‘ve configured my Apache in chrooted jail at /jail/apache directory. However, my syslogd is not working and nothing gets logged using /dev/log and /jail/apache/dev/log. How do I fix this problem under CentOS 5.x AMD64 with SELinux?


By default syslogd daemon is listening to the socket /dev/log. You can verify this using lsof command:
lsof -c syslogd
lsof -c syslogd | grep '/dev/'

Sample outputs:

syslogd 38944 root    0u  unix 0xffff8103215b08c0           28951978 /dev/log

However, you need to set additional sockets from that syslogd has to listen for all chrooted environment. By default you can use up to 19 additional sockets. If your environment needs even more, you have to increase the symbol MAXFUNIX within the syslogd.c source file. Edit /etc/sysconfig/syslog, enter:
# vi /etc/sysconfig/syslog
Now, set /jail/apache/dev/log along with default /dev/null syslogd daemon socket path:

SYSLOGD_OPTIONS="-m 0 -a /jail/apache/dev/log"

Save and close the file. Now, restart the syslogd:
# service syslog restart
Make sure your syslogd daemon is listening to the socket /dev/log and /jail/apache/dev/log, enter:
# lsof -c syslogd | grep '/dev/'
Sample outputs:

syslogd 38944 root    0u  unix 0xffff8103215b08c0           28951978 /dev/log
syslogd 38944 root    7u  unix 0xffff8103215b1100           28951980 /jail/apache/dev/log

SELinux Problem

When you restart syslogd and nothing is working as it should be, than SELinux may causing the problem. You will notice that the above command doesn’t indicate that /dev/log and /jail/apache/dev/log sockets used by syslogd. To fix this problem type the following commands:
# setenforce 0
# service syslog restart
# setenforce 1
# lsof -c syslogd | grep '/dev/'

setenforce command with the 1 option to put SELinux in enforcing mode. Use 0 option to put SELinux in permissive mode. This is used for troubleshooting SELinux problems. You may need to patch /etc/init.d/syslog to fix this problem permanently.

🥺 Was this helpful? Please add a comment to show your appreciation or feedback.

nixCrat Tux Pixel Penguin
Hi! 🤠
I'm Vivek Gite, and I write about Linux, macOS, Unix, IT, programming, infosec, and open source. Subscribe to my RSS feed or email newsletter for updates.

1 comment… add one
  • Jodie Cunningham May 14, 2014 @ 15:22

    On the SELinux issue, If you set the SELinux context for the file then you should be good to go.

    semanage fcontext -a -t devlog_t /path/to/logsocket
    restorecon -Fv /path/to/log/socket

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre> for code samples. Your comment will appear only after approval by the site admin.