-
Bug
-
Resolution: Not a Bug
-
Undefined
-
None
-
CentOS Stream 9
-
None
-
Normal
-
sst_security_special_projects
-
ssg_security
-
None
-
False
-
-
None
-
Unspecified
-
None
What were you trying to do that didn't work?
I was trying to run rsyslog with the omprog option set to a cpp binary. The cpp binary crash-loops.
Please provide the package NVR for which bug is seen:
Since rsyslog-8.2102.0-115.el9 or rsyslog-8.2102.0-114.el9. (8.2102.0-113 was the last working version, but we only pulled 8.2102.0-115 internally)
How reproducible:
Quite easy
Steps to reproduce
- Compile a binary that calls mprotect PROT_READ | PROT_WRITE | PROT_EXEC
- Add the following to /etc/rsyslog.conf
*.* { action(type="omprog" name="Program_Logging" binary="<binary name>" action.reportSuspension="off" action.reportSuspensionContinuation="off" template="RSYSLOG_TraditionalFileFormat" ) }
- Run systemctl restart rsyslog
Expected results
The binary specified in the omprog option should run properly.
Actual results
The binary specified in the omprog option crash-loops. strace shows it fails with EPERM:
"mprotect(0x406000, 4096, PROT_EXEC) = -1 EPERM (Operation not permitted)"