# syslog-ng: Error setting capabilities (in OpenVZ)

## hujuice

Hello everybody,

I've an apparently simple syslog-ng problem, but I cannot find an explanation for my knowledge. Googling around, it seems that this is a very unusual problem (but I cannot believe it).

I'm opening this post also to try to produce a story on the Internet.

Here is the reason for my headache:

```
intovps ~ # /etc/init.d/syslog-ng start
syslog-ng: Error setting capabilities, capability management disabled; error='Operation not permitted'
 * Starting syslog-ng ...
syslog-ng: Error setting capabilities, capability management disabled; error='Operation not permitt  [ ok ]
```

You can see two things.

1) syslog-ng starts, even after the double error message.

2) I'm in a VPS. More exactly, I'm on an OpenVZ commercial VPS.

At a glance, the logger works as expected. My logs are owned as I want.

What am I losing? How to avoid the error?

Regards,

HUjuice

```
@version: 3.0
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3.0,v 1.1 2009/05/25 20:07:21 mr_bones_ Exp $
# See: http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/ch08s09.html

options {
        # To be explained
        chain_hostnames(no);

        # Allow the creation of (sub)dirs
        create_dirs(yes);

        # Files and directories (supposed to have a logger:1021 group)
        dir_owner(0);
        dir_group(1001);
        dir_perm(0770);
        owner(0);
        group(1001);
        perm(0640);

        # Wait before write
        flush_lines(0);
        flush_timeout(10000);

        # Do I need statistics?
        #stats_freq(0);

        # The default action of syslog-ng is to log a STATS line
        # to the file every 10 minutes.  That's pretty ugly after a while.
        # Change it to every 12 hours so you get a nice daily update of
        # how many messages syslog-ng missed (0).
        stats_freq(43200);
};

# Kernel messages
source s_kern {
    file("/proc/kmsg");
};
filter f_kern { facility(kern); };
destination kern { file("/var/log/kern.log"); };
log { source(s_kern); filter(f_kern); destination(kern); };

# Internal messages
source s_logger {
        internal();
};
destination logger { file("/var/log/syslog-ng.log"); };
log { source(s_logger); destination(logger); };

# Application messages
source s_apps {
    unix-stream("/dev/log" max-connections(256));
};
destination apps { file("/var/log/apps.log"); };
log { source(s_apps); destination(apps); };

# Cumulative log of everything
destination messages { file("/var/log/messages"); };
log {
        source(s_kern); source(s_logger); source(s_apps);
        destination(messages);
};

# Level-specific logs

# Emergency
filter f_emerg { level(emerg); };
destination emerg { file("/var/log/emerg.log"); };
log {
        source(s_kern); source(s_logger); source(s_apps);
        filter(f_emerg);
        destination(emerg);
};

# Alert
filter f_alert { level(alert); };
destination alert { file("/var/log/alert.log"); };
log {
        source(s_kern); source(s_logger); source(s_apps);
        filter(f_alert);
        destination(alert);
};

# Critical
filter f_crit { level(crit); };
destination crit { file("/var/log/crit.log"); };
log {
        source(s_kern); source(s_logger); source(s_apps);
        filter(f_crit);
        destination(crit);
};

# Error
filter f_err { level(err); };
destination err { file("/var/log/err.log"); };
log {
        source(s_kern); source(s_logger); source(s_apps);
        filter(f_err);
        destination(err);
};

# Warning
filter f_warn { level(warn); };
destination warn { file("/var/log/warn.log"); };
log {
        source(s_kern); source(s_logger); source(s_apps);
        filter(f_warn);
        destination(warn);
};

# Logs specific to some applications

# User messages
filter f_user { facility(user); };
destination user { file("/var/log/user.log"); };
log { source(s_apps); filter(f_user); destination(user); };

# Smtp and related
filter f_mail { facility(mail); };
destination mail { file("/var/log/mail.log"); };
log { source(s_apps); filter(f_mail); destination(mail); };

# Services
filter f_daemon { facility(daemon); };
destination daemon { file("/var/log/daemon.log"); };
log { source(s_apps); filter(f_daemon); destination(daemon); };

# Authentications
filter f_auth { facility(auth, authpriv); };
destination auth { file("/var/log/auth.log"); };
log { source(s_apps); filter(f_auth); destination(auth); };

# Print
filter f_lpr { facility(lpr); };
destination lpr { file("/var/log/lpr.log"); };
log { source(s_apps); filter(f_lpr); destination(lpr); };

# Cron
filter f_cron { facility(cron); };
destination cron { file("/var/log/cron.log"); };
log { source(s_apps); filter(f_cron); destination(cron); };

# Local facilities
filter f_local0 { facility(local0); };
destination locals0 { file("/var/log/locals0.log"); };
log { source(s_apps); filter(f_local0); destination(locals0); };

filter f_local1 { facility(local1); };
destination locals1 { file("/var/log/locals1.log"); };
log { source(s_apps); filter(f_local1); destination(locals1); };

filter f_local2 { facility(local2); };
destination locals2 { file("/var/log/locals2.log"); };
log { source(s_apps); filter(f_local2); destination(locals2); };

filter f_local3 { facility(local3); };
destination locals3 { file("/var/log/locals3.log"); };
log { source(s_apps); filter(f_local3); destination(locals3); };

filter f_local4 { facility(local4); };
destination locals4 { file("/var/log/locals4.log"); };
log { source(s_apps); filter(f_local4); destination(locals4); };

filter f_local5 { facility(local5); };
destination locals5 { file("/var/log/locals5.log"); };
log { source(s_apps); filter(f_local5); destination(locals5); };

filter f_local6 { facility(local6); };
destination locals6 { file("/var/log/locals6.log"); };
log { source(s_apps); filter(f_local6); destination(locals6); };

filter f_local7 { facility(local7); };
destination locals7 { file("/var/log/locals7.log"); };
log { source(s_apps); filter(f_local7); destination(locals7); };
```

```
intovps ~ # equery list syslog-ng
[ Searching for package 'syslog-ng' in all categories among: ]
 * installed packages
[I--] [  ] app-admin/syslog-ng-3.1.2 (0)
```

```
intovps ~ # equery uses syslog-ng
[ Searching for packages matching syslog-ng... ]
[ Colour Code : set unset ]
[ Legend : Left column  (U) - USE flags from make.conf              ]
[        : Right column (I) - USE flags packages was installed with ]
[ Found these USE variables for app-admin/syslog-ng-3.1.2 ]
 U I
 + + caps         : Use Linux capabilities library to control privilege
 - - hardened     : activate default security enhancements for toolchain (gcc, glibc, binutils)
 - - ipv6         : Adds support for IP version 6
 + + pcre         : Adds support for Perl Compatible Regular Expressions
 - - selinux      : !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
 - - spoof-source : Enable support for spoofed source addresses
 - - sql          : Enable support for SQL destinations
 + + ssl          : Adds support for Secure Socket Layer connections
 - - static       : !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically
 + + tcpd         : Adds support for TCP wrappers
```

```
intovps ~ # uname -mr
2.6.18-194.26.1.el5.028stab070.14xen x86_64
```

----------

## Balage

It may be possible that linux capabilities is disabled in the host's kernel.

Check for:

Security options

    [*] Enable different security models

    [*]   Default Linux Capabilities

----------

## hujuice

*Balage wrote:*

> It may be possible that linux capabilities is disabled in the host's kernel.

It is "almost" so.

The OpenVZ kernel is a special kernel. Its latest stable version is 2.6.18.

My given kernel is generally rich, but the full support for capabilities is from >=2.6.24 kernels (see http://www.kernel.org/doc/man-pages/online/pages/man7/capabilities.7.html). So, I've surely something less than a new kernel.

This is the theory. But I'm unable to understand more.

In fact, I still have that error and my files are still owned as I want.

Thanks for the answer, Balage.

Regards,

HUjuice

----------
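Added example, not part of any post in this thread: the message reports capability management as disabled, so what the daemon can do is whatever capability sets the process holds inside the container, and those are readable from `/proc/<pid>/status`. The script below decodes the hex masks and reports `unknown` when the kernel does not list a field such as `CapBnd`; the choice of capabilities to check and the sample masks are constructed assumptions, not values from the poster's VPS.

```shell
#!/bin/sh
# Added example: decode capability masks from /proc/<pid>/status text.

# Bit numbers from <linux/capability.h>. Which capabilities a logger needs
# is an assumption made for this example, not syslog-ng's own list.
cap_bit() {
    case "$1" in
        chown)            echo 0 ;;
        dac_override)     echo 1 ;;
        dac_read_search)  echo 2 ;;
        fowner)           echo 3 ;;
        setpcap)          echo 8 ;;
        net_bind_service) echo 10 ;;
        *) return 1 ;;
    esac
}

# Print the hex mask of FIELD (CapPrm, CapEff, CapBnd ...) found in FILE;
# prints nothing when the kernel does not expose that field.
cap_mask() {
    sed -n "s/^$2:[[:space:]]*\([0-9a-fA-F][0-9a-fA-F]*\).*/\1/p" "$1" | head -n 1
}

# Exit 0 if capability NAME is set in FIELD of FILE, 1 if it is clear,
# 2 if the field is absent or the name is not in cap_bit's table.
cap_has() {
    mask=$(cap_mask "$1" "$2")
    [ -n "$mask" ] || return 2
    bit=$(cap_bit "$3") || return 2
    [ $(( (0x$mask >> $bit) & 1 )) -eq 1 ]
}

# One line per capability: held / missing / unknown.
cap_report() {
    file=$1; field=$2; shift 2
    for name in "$@"; do
        rc=0; cap_has "$file" "$field" "$name" || rc=$?
        case $rc in 0) s=held ;; 1) s=missing ;; *) s=unknown ;; esac
        echo "$field cap_$name: $s"
    done
}

# Constructed sample (not from the poster's VPS): a status excerpt with
# no CapBnd line and CAP_SETPCAP cleared in the effective set.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
printf 'Name:\tsyslog-ng\nCapInh:\t0000000000000000\nCapPrm:\t00000000fdecfeff\nCapEff:\t00000000fdecfeff\n' > "$SAMPLE"
cap_report "$SAMPLE" CapEff chown fowner dac_override setpcap
cap_report "$SAMPLE" CapBnd chown
```

On a live system, pass `/proc/$(pidof syslog-ng)/status` instead of the sample file and compare the result for the running daemon with `/proc/1/status` of the container's init.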

