I configured some ACL to grant syslog user to read log files that are owned by root under 700 permission directories. I'm able to read them when i logon as syslog. Rsyslog is configured with $PrivDropToUser syslog.
I have this error when i restart rsyslog :
rsyslogd-2433: file '/var/log/containers/default-http-2250134485-3c78s_kube-system_default-http-c8723f65a7a7371374037d7d99abb99ac07d977c792edd79add695392853ba22.log': open error: Permission denied [v8.35.0 try http://www.rsyslog.com/e/2433 ]
This log is a link to /var/lib/docker/containers/DOCKER_ID/DOCKER_ID-json.log
I don't want to mess with kubernetes/docker ownership, that's why i tried with ACL.
Thanks
nevermind, one of my acl wasn't correctly set and it was only working for the file I was testing....