commit 48bb6cf56ad27615ef12b90f87a099632a0db27f
Author: Zbigniew Krzystolik <zbyniu@pld-linux.org>
Date:   Tue Oct 19 17:21:23 2010 +0200

    fix capability in the file() destination
    
    fixes for settings like owner(), group(), perm() and analogous dir_* if create_dirs=yes
    for destination files
     - CAP_DAC_OVERRIDE force changes if parent dir has 000 perm, ie vservers (is inerhitted for dir_* too)
     - CAP_CHOWN - needed if dir_owner() or dir_group() are in use
     - CAP_FOWNER - to force chmod() for dirs with owner != root

diff --git a/src/affile.c b/src/affile.c
index aba95be..5985ac8 100644
--- a/src/affile.c
+++ b/src/affile.c
@@ -55,15 +55,23 @@ affile_open_file(gchar *name, gint flags,
       return FALSE;
     }
 
-  if (create_dirs && !create_containing_directory(name, dir_uid, dir_gid, dir_mode))
-    return FALSE;
-
   saved_caps = g_process_cap_save();
   if (privileged)
     {
       g_process_cap_modify(CAP_DAC_READ_SEARCH, TRUE);
       g_process_cap_modify(CAP_SYS_ADMIN, TRUE);
     }
+  else
+    {
+      g_process_cap_modify(CAP_DAC_OVERRIDE, TRUE);
+    }
+
+  if (create_dirs && !create_containing_directory(name, dir_uid, dir_gid, dir_mode))
+    {
+      g_process_cap_restore(saved_caps);
+      return FALSE;
+    }
+
   *fd = -1;
   if (stat(name, &st) >= 0)
     {
diff --git a/src/misc.c b/src/misc.c
index deea525..3e2fccb 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -24,6 +24,7 @@
 #include "misc.h"
 #include "dnscache.h"
 #include "messages.h"
+#include "gprocess.h"
 
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -368,6 +369,7 @@ create_containing_directory(gchar *name, gint dir_uid, gint dir_gid, gint dir_mo
   struct stat st;
   gint rc;
   gchar *p;
+  cap_t saved_caps;
   
   /* check that the directory exists */
   dirname = g_path_get_dirname(name);
@@ -401,12 +403,16 @@ create_containing_directory(gchar *name, gint dir_uid, gint dir_gid, gint dir_mo
         {
           if (mkdir(name, dir_mode < 0 ? 0700 : (mode_t) dir_mode) == -1)
             return FALSE;
+          saved_caps = g_process_cap_save();
+          g_process_cap_modify(CAP_CHOWN, TRUE);
+          g_process_cap_modify(CAP_FOWNER, TRUE);
           if (dir_uid >= 0)
             chown(name, (uid_t) dir_uid, -1);
           if (dir_gid >= 0)
             chown(name, -1, (gid_t) dir_gid);
           if (dir_mode >= 0)
             chmod(name, (mode_t) dir_mode);
+          g_process_cap_restore(saved_caps);
         }
       *p = '/';
       p = strchr(p + 1, '/');
diff -Nur syslog-ng-3.1.3.orig/src/Makefile.am syslog-ng-3.1.3/src/Makefile.am
--- syslog-ng-3.1.3.orig/src/Makefile.am	2010-04-11 15:51:53.000000000 +0200
+++ syslog-ng-3.1.3/src/Makefile.am	2011-02-01 19:37:07.910739001 +0100
@@ -15,7 +15,7 @@
 syslog_ng_LDADD = libsyslog-ng.a @DEPS_LIBS@ globals.o
 syslog_ng_wrapper_SOURCES = wrapper.c
 pdbtool_SOURCES = pdbtool.c
-pdbtool_LDADD = libsyslog-ng.a @BASE_LIBS@ @GLIB_LIBS@ @EVTLOG_LIBS@
+pdbtool_LDADD = libsyslog-ng.a @BASE_LIBS@ @DEPS_LIBS@ @GLIB_LIBS@ @EVTLOG_LIBS@
 
 syslog_ng_ctl_SOURCES = syslog-ng-ctl.c gsockaddr.c  gsockaddr.h  gsocket.c    gsocket.h
 syslog_ng_ctl_LDADD = @DEPS_LIBS@