[apparmor] [Bug 1739909] [NEW] apparmor profile prevents syslog-ng startup (fix included)
nyronium
1739909 at bugs.launchpad.net
Sat Dec 23 20:51:43 UTC 2017
Public bug reported:
Tested on gentoo, syslog-ng-3.13.2, apparmor-profiles-2.11.1-r2;
The apparmor-profile for syslog-ng prevents syslog-ng from accessing
/dev/kmsg, which in turn leads to a failure when starting the daemon.
This occurs when using a source similar to this one:
source kernsrc {
file("/proc/kmsg");
};
Even though the file should be accessed through /proc/kmsg, syslog-ng
checks some conditions on /dev/kmsg before proceeding (checked with
strace). As this file is not allowed to be read by the apparmor profile,
syslog-ng fails to start.
To fix this issue, simply add this permissions line to the apparmor
profile:
/dev/kmsg r,
** Affects: apparmor-profiles
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of AppArmor
Developers, which is subscribed to AppArmor Profiles.
https://bugs.launchpad.net/bugs/1739909
Title:
apparmor profile prevents syslog-ng startup (fix included)
Status in AppArmor Profiles:
New
Bug description:
Tested on gentoo, syslog-ng-3.13.2, apparmor-profiles-2.11.1-r2;
The apparmor-profile for syslog-ng prevents syslog-ng from accessing
/dev/kmsg, which in turn leads to a failure when starting the daemon.
This occurs when using a source similar to this one:
source kernsrc {
file("/proc/kmsg");
};
Even though the file should be accessed through /proc/kmsg, syslog-ng
checks some conditions on /dev/kmsg before proceeding (checked with
strace). As this file is not allowed to be read by the apparmor
profile, syslog-ng fails to start.
To fix this issue, simply add this permissions line to the apparmor
profile:
/dev/kmsg r,
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor-profiles/+bug/1739909/+subscriptions
More information about the AppArmor
mailing list