Actually, it's a little more complicated than that, when the append only
bit is set on a log file using "chattr", when /etc/rc.d/init/syslog is used
to start logging after a reboot for example, klogd cannot write to the log
file. If I start syslogd and klogd manually, all is good. I narrowed it
down to the "daemon" wrapper function that is used to start syslogd and
klogd, if I remove "daemon" from in front of syslogd and klogd it works
fine... I haven't investegated further... What gives?
PS: the append only bit is important when used in conjunction with
capability bounding sets for secure systems like a firewall.
Works with rawhide syslog and initscripts.