# Attempt to access syslog with CAP_SYS_ADMIN...

## curmudgeon

I don't know if this really belongs in security, but after recent upgrades, I am getting this on every machine on boot:

```
Jun 16 03:24:56 system kernel:  ------------[ cut here ]------------
Jun 16 03:24:56 system kernel:  WARNING: at kernel/printk.c:288 do_syslog+0x79/0x371()
Jun 16 03:24:56 system kernel:  Hardware name: OptiPlex 745
Jun 16 03:24:56 system kernel:  Attempt to access syslog with CAP_SYS_ADMIN but no CAP_SYSLOG (deprecated).
Jun 16 03:24:56 system kernel:  Modules linked in:
Jun 16 03:24:56 system kernel:  Pid: 956, comm: syslog-ng Not tainted 2.6.38-gentoo-r6 #1
Jun 16 03:24:56 system kernel:  Call Trace:
Jun 16 03:24:56 system kernel:   [<c102aae2>] ? warn_slowpath_common+0x7c/0x8f
Jun 16 03:24:56 system kernel:   [<c102b90c>] ? do_syslog+0x79/0x371
Jun 16 03:24:56 system kernel:   [<c102b90c>] ? do_syslog+0x79/0x371
Jun 16 03:24:56 system kernel:   [<c102ab7d>] ? warn_slowpath_fmt+0x33/0x37
Jun 16 03:24:56 system kernel:   [<c102b90c>] ? do_syslog+0x79/0x371
Jun 16 03:24:56 system kernel:   [<c10c69ef>] ? proc_root_lookup+0xe/0x24
Jun 16 03:24:56 system kernel:   [<c10cdf25>] ? kmsg_open+0x18/0x1a
Jun 16 03:24:56 system kernel:   [<c10c659f>] ? proc_reg_open+0x85/0xee
Jun 16 03:24:56 system kernel:   [<c10cdef4>] ? kmsg_release+0x0/0x19
Jun 16 03:24:56 system kernel:   [<c10c651a>] ? proc_reg_open+0x0/0xee
Jun 16 03:24:56 system kernel:   [<c10950dc>] ? __dentry_open+0xf0/0x1c7
Jun 16 03:24:56 system kernel:   [<c109d3ba>] ? generic_permission+0x18/0x8c
Jun 16 03:24:56 system kernel:   [<c1095269>] ? nameidata_to_filp+0x45/0x50
Jun 16 03:24:56 system kernel:   [<c109ec5a>] ? finish_open+0x74/0x106
Jun 16 03:24:56 system kernel:   [<c109faea>] ? do_path_lookup+0x55/0xdb
Jun 16 03:24:56 system kernel:   [<c10a06a3>] ? do_filp_open+0x173/0x548
Jun 16 03:24:56 system kernel:   [<c112ed12>] ? copy_to_user+0x2c/0x102
Jun 16 03:24:56 system kernel:   [<c1094eec>] ? do_sys_open+0x4e/0xd8
Jun 16 03:24:56 system kernel:   [<c1094fc4>] ? sys_open+0x23/0x28
Jun 16 03:24:56 system kernel:   [<c10027cc>] ? sysenter_do_call+0x12/0x22
Jun 16 03:24:56 system kernel:  ---[ end trace 04fc1b3b0c495fa1 ]---
```

Any idea what is going on? Thank you in advance for your help.

----------

## salahx

Me too, and this is deliberate. A new capability, CAP_SYSLOG, was split out of CAP_SYS_ADMIN. For backwards compatibility, a process with CAP_SYS_ADMIN, but not CAP_SYSLOG, will trigger this warning (via WARN_ONCE) - although perhaps that's a little too strong.

A bug has been filed upstream: https://bugzilla.balabit.com/show_bug.cgi?id=108

----------
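
An added example, not part of any post in this thread: it pulls the offending process out of a trace like the ones quoted here and classifies a `CapEff` mask from `/proc/<pid>/status` according to the capability split described above. The function names and the sample status excerpt are assumptions made for illustration; the bit numbers are those defined in `linux/capability.h`.

```python
import re
import sys

# Capability bit numbers from linux/capability.h.
CAP_SYS_ADMIN, CAP_SYSLOG = 21, 34
WARNING = "Attempt to access syslog with CAP_SYS_ADMIN but no CAP_SYSLOG"

# Three lines abridged from the first trace in this thread.
SAMPLE_LOG = """\
kernel:  Attempt to access syslog with CAP_SYS_ADMIN but no CAP_SYSLOG (deprecated).
kernel:  Modules linked in:
kernel:  Pid: 956, comm: syslog-ng Not tainted 2.6.38-gentoo-r6 #1
"""
# Constructed /proc/<pid>/status excerpt: bits 0-3, 10, 11, 13 and 21 set.
SAMPLE_STATUS = "Name:\tsyslog-ng\nCapEff:\t0000000000202c0f\n"

def warned_processes(kernel_log):
    """Return (pid, comm) for each occurrence of the warning in a kernel log."""
    hits, armed = [], False
    for line in kernel_log.splitlines():
        if WARNING in line:
            armed = True          # the Pid/comm line follows a little later
        elif armed:
            m = re.search(r"Pid: (\d+), comm: (\S+)", line)
            if m:
                hits.append((int(m.group(1)), m.group(2)))
                armed = False
    return hits

def effective_caps(status_text):
    """Extract the CapEff bitmask from the text of /proc/<pid>/status."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no CapEff line found")
    return int(m.group(1), 16)

def syslog_access(cap_eff):
    """Capability-only view of a privileged syslog action (opening /proc/kmsg)."""
    if (cap_eff >> CAP_SYSLOG) & 1:
        return "allowed"
    if (cap_eff >> CAP_SYS_ADMIN) & 1:
        return "allowed-with-warning"  # the legacy path seen in this thread
    return "denied"                    # neither capability held

if __name__ == "__main__":  # usage: python3 capcheck.py <pid>
    with open(f"/proc/{sys.argv[1]}/status") as fh:
        print(syslog_access(effective_caps(fh.read())))
```

A daemon that reports `allowed-with-warning` is still relying on CAP_SYS_ADMIN for log access; granting it CAP_SYSLOG instead lets the broader capability be dropped from its set.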

## drescherjm

I am still getting this with app-admin/syslog-ng-3.3.1. Kind of annoying, but I guess it is harmless.

```
[   21.792295] ------------[ cut here ]------------
[   21.792301] WARNING: at kernel/printk.c:322 do_syslog+0x89/0x47a()
[   21.792302] Hardware name: To be filled by O.E.M.
[   21.792303] Attempt to access syslog with CAP_SYS_ADMIN but no CAP_SYSLOG (deprecated).
[   21.792304] Modules linked in: autofs4 coretemp hwmon snd_hda_intel snd_hda_codec pcspkr snd_pcm i2c_i801 tpm_tis i2c_core snd_timer snd soundcore snd_page_alloc tpm iTCO_wdt tpm_bios iTCO_vendor_support e1000e button e1000 nfs nfs_acl auth_rpcgss lockd sunrpc reiserfs zlib_deflate raid0 dm_snapshot dm_crypt dm_mirror dm_region_hash dm_log scsi_wait_scan sl811_hcd ohci_hcd uhci_hcd usb_storage ehci_hcd megaraid_sas megaraid_mbox megaraid_mm megaraid sr_mod cdrom sd_mod sata_mv ata_piix ahci libahci pata_marvell pata_mpiix libata
[   21.792330] Pid: 5023, comm: syslog-ng Not tainted 3.0.6-gentoo-btrfs #4
[   21.792331] Call Trace:
[   21.792334]  [<ffffffff81036915>] warn_slowpath_common+0x80/0x98
[   21.792337]  [<ffffffff81118eec>] ? read_vmcore+0x1b3/0x1b3
[   21.792339]  [<ffffffff810369c1>] warn_slowpath_fmt+0x41/0x43
[   21.792341]  [<ffffffff8103f6dc>] ? ns_capable+0x44/0x59
[   21.792342]  [<ffffffff81036f6b>] do_syslog+0x89/0x47a
[   21.792345]  [<ffffffff810d7e09>] ? _d_rehash+0x44/0x46
[   21.792347]  [<ffffffff810d88a0>] ? d_rehash+0x1d/0x24
[   21.792350]  [<ffffffff81114edf>] ? proc_lookup_de+0x9e/0xba
[   21.792352]  [<ffffffff81118eec>] ? read_vmcore+0x1b3/0x1b3
[   21.792353]  [<ffffffff81118f1b>] kmsg_open+0x17/0x19
[   21.792355]  [<ffffffff8110faad>] proc_reg_open+0x91/0x128
[   21.792357]  [<ffffffff8110fa1c>] ? proc_alloc_inode+0x9e/0x9e
[   21.792360]  [<ffffffff810c680a>] __dentry_open.clone.14+0x12a/0x244
[   21.792362]  [<ffffffff810c754e>] nameidata_to_filp+0x43/0x4a
[   21.792364]  [<ffffffff810d39be>] do_last+0x5c1/0x715
[   21.792366]  [<ffffffff810d3c42>] path_openat+0xc3/0x34e
[   21.792368]  [<ffffffff810d3f05>] do_filp_open+0x38/0x84
[   21.792370]  [<ffffffff810ddaf3>] ? alloc_fd+0x6f/0x119
[   21.792372]  [<ffffffff810c765e>] do_sys_open+0x109/0x19b
[   21.792374]  [<ffffffff810c770b>] sys_open+0x1b/0x1d
[   21.792377]  [<ffffffff8141253b>] system_call_fastpath+0x16/0x1b
[   21.792379] ---[ end trace 5a0ac59df7a52608 ]---

fileserver1 ~ # equery l syslog-ng
 * Searching for syslog-ng ...
[IP-] [  ] app-admin/syslog-ng-3.3.1:0
fileserver1 ~ #
```

----------

