[Bug 1827253] Re: [apparmor] missing 'mr' on binary for usage on containers

Launchpad Bug Tracker 1827253 at bugs.launchpad.net
Wed May 1 18:47:53 UTC 2019 

** Merge proposal linked:
   https://code.launchpad.net/~sdeziel/ubuntu/+source/rsyslog/+git/rsyslog/+merge/366779

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1827253

Title:
  [apparmor] missing 'mr' on binary for usage on containers

Status in rsyslog package in Ubuntu:
  New

Bug description:
  Issue description:

  Enabling the rsyslog (disabled by default) Apparmor profile causes
  rsyslog to fail to start when running *inside a container*.

  Steps to reproduce:

  1) Create a 'eoan' container called rs1 here:
    lxc launch ubuntu-daily:e rs1
  2) Enter the container
    lxc shell rs1
  3) Enable apparmor profile
    rm /etc/apparmor.d/disable/usr.sbin.rsyslogd
    apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.rsyslogd
    systemctl restart rsyslog
  4) notice rsyslog failed to start
    systemctl status rsyslog

  Workaround:

    echo '  /usr/sbin/rsyslogd mr,' >> /etc/apparmor.d/local/usr.sbin.rsyslogd
    apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.rsyslogd
    systemctl restart rsyslog

  
  Additional information:

  root at rs1:~# uname -a
  Linux rs1 4.15.0-48-generic #51-Ubuntu SMP Wed Apr 3 08:28:49 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
  root at rs1:~# lsb_release -rd
  Description:	Ubuntu Eoan EANIMAL (development branch)
  Release:	19.10
  root at rs1:~# dpkg -l| grep -wE 'apparmor|rsyslog'
  ii  apparmor 2.13.2-9ubuntu6  amd64        user-space parser utility for AppArmor
  ii  rsyslog  8.32.0-1ubuntu7  amd64        reliable system and kernel logging daemon

  ProblemType: Bug
  DistroRelease: Ubuntu 19.10
  Package: rsyslog 8.32.0-1ubuntu7
  ProcVersionSignature: Ubuntu 4.15.0-48.51-generic 4.15.18
  Uname: Linux 4.15.0-48-generic x86_64
  ApportVersion: 2.20.10-0ubuntu27
  Architecture: amd64
  Date: Wed May  1 17:36:29 2019
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: rsyslog
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1827253/+subscriptions

More information about the foundations-bugs mailing list