[Bug 1766600] Re: [bionic] apparmor denial for rsyslog modules in multiarch directory and pidfile

Launchpad Bug Tracker 1766600 at bugs.launchpad.net
Tue Apr 24 17:38:28 UTC 2018 

This bug was fixed in the package rsyslog - 8.32.0-1ubuntu4

---------------
rsyslog (8.32.0-1ubuntu4) bionic; urgency=medium

  [ Jamie Strandboge ]
  * debian/usr.sbin.rsyslogd: updates for bionic (LP: #1766600)
    - allow rsyslog modules in multiarch directories
    - allow writing temporary pidfile

  [ Dimitri John Ledkov ]
  * Tolerate installing rsyslog, on systems without systemd installed. LP:
    #1766574

 -- Dimitri John Ledkov <xnox at ubuntu.com>  Tue, 24 Apr 2018 15:47:41
+0100

** Changed in: rsyslog (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1766600

Title:
  [bionic] apparmor denial for rsyslog modules in multiarch directory
  and pidfile

Status in rsyslog package in Ubuntu:
  Fix Released

Bug description:
  With the new bionic upload, when the apparmor profile is enabled,
  rsyslog fails to start (and causes upgrade issues) due to:

  AVC apparmor="DENIED" operation="file_mmap"
  profile="/usr/sbin/rsyslogd" name="/usr/lib/x86_64-linux-
  gnu/rsyslog/lmnet.so" pid=19949 comm="rsyslogd" requested_mask="m"
  denied_mask="m" fsuid=0 ouid=0

  The profile has this rule:

    /usr/lib{,32,64}/rsyslog/*.so mr,

  but the new upload puts modules in /usr/lib/x86_64-linux-gnu/rsyslog
  so this rule should be adjusted to:

    /usr/lib{,32,64}/{,@{multiarch}/}rsyslog/*.so mr,

  Fixing that reveals this denial:

  AVC apparmor="DENIED" operation="mknod" profile="/usr/sbin/rsyslogd"
  name="/run/rsyslogd.pid.tmp" pid=2741 comm="rsyslogd"
  requested_mask="c" denied_mask="c" fsuid=0 ouid=0

  So we need to adjust this:

    /{,var/}run/rsyslogd.pid rwk,

  to be:

    /{,var/}run/rsyslogd.pid{,.tmp} rwk,

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1766600/+subscriptions

More information about the foundations-bugs mailing list