/proc/kmsg: Permission denied.

Keyinator

Hello, I have the following problem on an Ubuntu 21.10 LXC:
``
Apr 27 17:48:40 game-dev rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Permission denied.
Apr 27 17:48:40 game-dev rsyslogd: activation of module imklog failed [v8.2102.0 try https://www.rsyslog.com/e/2145 ]
``

I found it while trying to enable logging for iptables.
Any idea how this could be fixed?

I can't even open the file as root.
 
Keep the user remapping of unprivileged LXC in mind. UID/GID 0 to 65535 on the host are mapped to UID/GID 100000 to 165535 inside the LXC. So your LXC's root (shown as UID 0 inside the LXC) is in reality just an unprivileged user with UID 100000 on the host. If something is owned by nobody:nogroup, your unprivileged root doesn't always have access to it. If you, for example, bind-mount a folder owned by UID 1000 from the host into the LXC without editing the user remapping, it will be shown as owned by nobody:nogroup and even your LXC's root won't be able to access it.
 
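The remapping described in the reply above, as an added example that is not part of the original posts: it parses a map in the format of `/proc/<pid>/uid_map` (first ID inside the namespace, first ID outside, range length) and shows why a host-owned file appears as nobody inside the container. The sample map with the 100000 offset and all function names are constructed for illustration; 65534 is the kernel's default overflow UID.

```python
# Added example: translate IDs through a user-namespace map (uid_map/gid_map format).
from typing import List, Optional, Tuple

OVERFLOW_ID = 65534  # kernel default of /proc/sys/kernel/overflowuid ("nobody")

# Constructed sample: the map of a container whose IDs are shifted by 100000.
# Columns: first ID inside the namespace, first ID outside, range length.
SAMPLE_UID_MAP = "         0     100000      65536\n"


def parse_id_map(text: str) -> List[Tuple[int, int, int]]:
    """Parse uid_map/gid_map text into (inside_start, outside_start, length)."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed map line: {line!r}")
        ranges.append(tuple(int(f) for f in fields))
    return ranges


def to_host(ranges, inside_id: int) -> Optional[int]:
    """Host-side ID for an ID used inside the container, None if unmapped."""
    for inside, outside, length in ranges:
        if inside <= inside_id < inside + length:
            return outside + (inside_id - inside)
    return None


def to_container(ranges, host_id: int) -> int:
    """ID shown inside the container for a host ID.

    Host IDs outside every mapped range have no name in the namespace,
    so they are displayed as the overflow ID (nobody/nogroup).
    """
    for inside, outside, length in ranges:
        if outside <= host_id < outside + length:
            return inside + (host_id - outside)
    return OVERFLOW_ID


if __name__ == "__main__":
    ranges = parse_id_map(SAMPLE_UID_MAP)
    print("container root on host:", to_host(ranges, 0))
    for host_id in (0, 1000, 100000, 101000):
        print(f"host UID {host_id} inside container:", to_container(ranges, host_id))
```

Inside a running container, the same functions can be fed the contents of `/proc/self/uid_map` instead of the sample string.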
Ah. That makes sense.
I am not sure what the right way to "fix" this would be.
Using ``chmod 444 /proc/kmsg``? And would this pose any security risks?

Edit:
``chmod 444 /proc/kmsg`` on the node did not help :(
 