Actually, it's a little more complicated than that, when the append only bit is set on a log file using "chattr", when /etc/rc.d/init/syslog is used to start logging after a reboot for example, klogd cannot write to the log file. If I start syslogd and klogd manually, all is good. I narrowed it down to the "daemon" wrapper function that is used to start syslogd and klogd, if I remove "daemon" from in front of syslogd and klogd it works fine... I haven't investegated further... What gives? PS: the append only bit is important when used in conjunction with capability bounding sets for secure systems like a firewall.
Works with rawhide syslog and initscripts.