On 05/10/2016 02:19 PM, John wrote:
>> There are two possibilities. Either you set up logging socket in chroot
>> and set up syslog/journal to receive message from it, or there is some
>> possibility to log over the socket opened by the parent (before going
>> into chroot), which is a bit hacky solution (and not upstream for some
>> reason). We have got the patch in our git [1], but there will probably
>> be some bug in upstream bugzilla.
>>
>>
>> [1]
>> http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/tree/openssh-6.6.1p1-log-in-chroot.patch
>>
>> Regards,
>
> Thanks for the reply, Jakub. The patch you pointed me to does not apply to
> the current release of openssh unfortunately (v7.2p2). Do you have a more
> contemporary version of the patch I can try?

It applies, but there are also other conflicting patches in Fedora
probably. We use exactly this one for openssh-7.2

> I can google around for a logging socket... I assume this can be
> implemented without the patch you referenced and on the current version 7.2p2?

Yes. The logging socket in chroot solution should work without the above
patch.
--
Jakub Jelen
Associate Software Engineer
Security Technologies
Red Hat
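
The "logging socket in chroot" option from the reply above, as an added example (not code from this thread or from the Fedora patch): a small generator for the rsyslog inputs that place a `/dev/log` socket inside each SFTP chroot. The chroot paths, the `sftponly` group and the function name are assumptions, and rsyslog's `imuxsock` module is assumed to be loaded already.

```shell
#!/bin/sh
# Added example: emit rsyslog inputs that create a /dev/log socket inside each
# SFTP chroot. Chroot paths below are constructed; imuxsock is assumed loaded.
# Matching sshd_config, for context (paths and group name are assumptions):
#   Subsystem sftp internal-sftp -f AUTH -l VERBOSE
#   Match Group sftponly
#       ChrootDirectory /srv/sftp/%u
#       ForceCommand internal-sftp -f AUTH -l VERBOSE

SUN_PATH_MAX=107  # Linux sockaddr_un.sun_path holds 108 bytes including NUL

# Print one imuxsock input() per chroot directory given as an argument.
# Returns 1 if any path was rejected, so a bad entry is never silently lost.
render_chroot_log_inputs() {
    rc=0
    for chroot in "$@"; do
        sock="${chroot%/}/dev/log"
        case "$chroot" in
            /*) ;;
            *) echo "rejected (not absolute): $chroot" >&2; rc=1; continue ;;
        esac
        case "$chroot" in
            *\"*) echo "rejected (contains a quote): $chroot" >&2; rc=1; continue ;;
        esac
        # ${#sock} counts characters; ASCII paths are assumed here.
        if [ "${#sock}" -gt "$SUN_PATH_MAX" ]; then
            echo "rejected (socket path too long to bind): $sock" >&2
            rc=1
            continue
        fi
        printf 'input(type="imuxsock" Socket="%s" CreatePath="on")\n' "$sock"
    done
    return "$rc"
}

# Demo on constructed paths; redirect into a drop-in under /etc/rsyslog.d/.
render_chroot_log_inputs /srv/sftp/alice /srv/sftp/bob/
```

After writing the output to a drop-in file, `rsyslogd -N1` checks the configuration before rsyslog is restarted.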