[apparmor] [Bug 1739909] Re: apparmor profile prevents syslog-ng startup (fix included)
Tyler Hicks
tyhicks at canonical.com
Thu Mar 15 15:22:56 UTC 2018
A fix for this bug was released in AppArmor 2.12. The upstream commit is
e55583ff27308e3338b5c046de42536bbdd48120
** Changed in: apparmor-profiles
Status: New => Fix Released
--
You received this bug notification because you are a member of AppArmor
Developers, which is subscribed to AppArmor Profiles.
https://bugs.launchpad.net/bugs/1739909
Title:
apparmor profile prevents syslog-ng startup (fix included)
Status in AppArmor Profiles:
Fix Released
Bug description:
Tested on gentoo, syslog-ng-3.13.2, apparmor-profiles-2.11.1-r2;
The apparmor-profile for syslog-ng prevents syslog-ng from accessing
/dev/kmsg, which in turn leads to a failure when starting the daemon.
This occurs when using a source similar to this one:
source kernsrc {
file("/proc/kmsg");
};
Even though the file should be accessed through /proc/kmsg, syslog-ng
checks some conditions on /dev/kmsg before proceeding (checked with
strace). As this file is not allowed to be read by the apparmor
profile, syslog-ng fails to start.
To fix this issue, simply add this permissions line to the apparmor
profile:
/dev/kmsg r,
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor-profiles/+bug/1739909/+subscriptions
More information about the AppArmor
mailing list