On 24.02.26 at 16:47, Dennis van Dok wrote:
Package: rsyslog
Version: 8.2504.0-1
Severity: normal

Dear Maintainer,

Coming from Debian 12 we used an old configuration with the following
lines:

$PrivDropToUser syslog
$PrivDropToGroup syslog

These are a simple security enhancement that removes any special
privileges from the daemon after startup.

When upgrading to Debian 13, rsyslog would no longer start. It was
unclear from the systemctl status or journalctl what happened.

After some testing and commenting out the above lines it was determined
that these lines are related to the problem.

Running the rsyslog daemon in the foreground with debug mode on ran normally,
which led to suspicions regarding the systemd unit file.

The unit file for Debian 13 introduced some security enhancements, including
CapabilityBoundingSet and a list of capabilities. But missing from this list
are the CAP_SETUID and CAP_SETGID which would be required for the dropping
of privileges.

As a final test, a systemd override was placed in
/etc/systemd/system/rsyslog.service.d/allow-priv-drop.conf
with the following contents:


Running with $PrivDropToUser/$PrivDropToGroup is a non-default configuration. I'd rather have the default rsyslog.service be as locked down as possible with the default rsyslog configuration.

Using a systemd drop-in config as you did seems like a proper solution to match your local configuration.

Regards,
Michael
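
As an added example (not part of either message, and not code from rsyslog or Debian), the mismatch described in this thread can be checked before an upgrade by comparing the rsyslog configuration against the unit's resolved capability bounding set. The function names and the sample bounding set below are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): flag an rsyslog config that drops
# privileges while the unit's capability bounding set lacks the capabilities
# needed to do so.

# Succeeds if CONFIG_TEXT ($1) has an active (uncommented) legacy
# $PrivDropToUser/$PrivDropToGroup directive (or the ...ID variants).
uses_priv_drop() {
    printf '%s\n' "$1" |
        grep -Eiq '^[[:space:]]*\$PrivDropTo(User|Group)(ID)?[[:space:]]'
}

# Prints which of CAP_SETUID/CAP_SETGID are absent from BOUNDING_SET ($1).
# Expects the resolved list, e.g. from
#   systemctl show -p CapabilityBoundingSet --value rsyslog.service
missing_caps() {
    mc_set=" $(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -s '[:space:]' ' ') "
    mc_out=""
    for mc_cap in cap_setuid cap_setgid; do
        case "$mc_set" in
            *" $mc_cap "*) ;;
            *) mc_out="$mc_out${mc_out:+ }$(printf '%s' "$mc_cap" | tr '[:lower:]' '[:upper:]')" ;;
        esac
    done
    printf '%s' "$mc_out"
}

# Prints a verdict; returns 1 when privilege drop is configured but blocked.
check_priv_drop() {
    uses_priv_drop "$1" || { echo "ok: no privilege-drop directive"; return 0; }
    cp_missing=$(missing_caps "$2")
    if [ -n "$cp_missing" ]; then
        echo "mismatch: privilege drop configured, bounding set lacks $cp_missing"
        return 1
    fi
    echo "ok: bounding set permits the privilege drop"
}

# Constructed sample input: the two directives from the report, and a made-up
# bounding set (not the actual list shipped in the Debian 13 unit).
SAMPLE_CONF='module(load="imuxsock")
$PrivDropToUser syslog
$PrivDropToGroup syslog'
SAMPLE_CAPS='cap_chown cap_dac_override cap_net_bind_service cap_syslog'

check_priv_drop "$SAMPLE_CONF" "$SAMPLE_CAPS" || true
```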
