Opening /dev/stdout in Docker

[Benjamin Thompson]

Hi

I am running v3.2.0 in a Docker container and I wanted to do some logging
with linelog so I set the filename parameter to "/dev/stdout".

This gave me the error:

Error: rlm_linelog: Failed to open /dev/stdout: Permission denied

After googling this I understood that that I need to add the radius user to
the tty group so did:

usermod -a -G tty radius

However this didn't help so I ran ls -l on /dev/stdout to see what the
permissions were:

lrwxrwxrwx 1 root root 15 Aug  4 14:05 /dev/stdout -> /proc/self/fd/1

Which links to:

l-wx------ 1 root root 64 Aug  4 14:06 /proc/self/fd/1 -> pipe:[18026581]

>From looking at this I worked out there was no tty group involved.

Then after researching this I tried adding "tty: true" to my
docker-compose.yml file and then this gave me a device with write access
from the tty group:

lrwxrwxrwx 1 root root 15 Aug  4 14:45 /dev/stdout -> /proc/self/fd/1
lrwx------ 1 root root 64 Aug  4 14:45 /proc/self/fd/1 -> /dev/pts/0
crw--w---- 1 root tty 136, 0 Aug  4  2022 /dev/pts/0

However this did not help so I looked at the source code and noticed that
FreeRADIUS is opening the file with read/write permissions whereas only
write is available:

https://github.com/FreeRADIUS/freeradius-server/blob/v3.2.x/src/main/exfile.c#L161

if (strncmp(filename, "/dev/", 5) == 0) {
         fd = open(filename, O_RDWR, permissions);

So then I ran:

chmod g+r /dev/pts/0

After this linelog was able to log to stdout.

However with "tty: true" I am now getting some extra control characters in
my logs such as "'#033#015". This is inconvenient but non critical.

I would be grateful if anyone could advise or assist with a better solution.

--
Benjamin Thompson