debcrafters-packages team mailing list archive
-
debcrafters-packages team
-
Mailing list archive
-
Message #00200
[Bug 2101180] Re: Multiple DENIED apparmor messages when using rsyslog with the imfile module
** Changed in: rsyslog (Ubuntu Plucky)
Status: In Progress => Confirmed
** Changed in: rsyslog (Ubuntu)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
--
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/2101180
Title:
Multiple DENIED apparmor messages when using rsyslog with the imfile
module
Status in rsyslog package in Ubuntu:
In Progress
Status in rsyslog source package in Noble:
New
Status in rsyslog source package in Oracular:
New
Status in rsyslog source package in Plucky:
Confirmed
Bug description:
When enabling the imfile module in order to watch
/var/log/audit/audit.log file, the following traces are generated in
logs regularly :
type=AVC msg=audit(1741370794.968:9963561): apparmor="DENIED" operation="open" profile="rsyslogd" name="/" pid=67348 comm="in:imfile" requested_mask="r" denied_mask="r" fsuid=106 ouid=0
type=AVC msg=audit(1741370794.968:9963562): apparmor="DENIED" operation="open" profile="rsyslogd" name="/var/" pid=67348 comm="in:imfile" requested_mask="r" denied_mask="r" fsuid=106 ouid=0
type=AVC msg=audit(1741370794.968:9963563): apparmor="DENIED" operation="open" profile="rsyslogd" name="/var/log/" pid=67348 comm="in:imfile" requested_mask="r" denied_mask="r" fsuid=106 ouid=0
As a small fix, I had to add the following lines into the rsyslogd
apparmor configuration file :
/ r,
/var r,
/var/** r,
Could it be a possible bug ?
Behaviour detected on Ubuntu 22.04
rsyslog package : 8.2406.0-1ubuntu2
Behaviour expected : No DENIED apparmor actions when using the imfile
module.
Thanks !
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/2101180/+subscriptions
