debcrafters-packages team mailing list archive

[Ural Tunaboyu <2101180@xxxxxxxxxxxxxxxxxx>]

Ubuntu 24.10 (Oracular Oriole) has reached end of life, so this bug will
not be fixed for that specific release.

** Changed in: rsyslog (Ubuntu Oracular)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/2101180

Title:
  Multiple DENIED apparmor messages when using rsyslog with the imfile
  module

Status in rsyslog package in Ubuntu:
  In Progress
Status in rsyslog source package in Noble:
  New
Status in rsyslog source package in Oracular:
  Won't Fix
Status in rsyslog source package in Plucky:
  Confirmed

Bug description:
  When enabling the imfile module in order to watch
  /var/log/audit/audit.log file, the following traces are generated in
  logs regularly :

  
  type=AVC msg=audit(1741370794.968:9963561): apparmor="DENIED" operation="open" profile="rsyslogd" name="/" pid=67348 comm="in:imfile" requested_mask="r" denied_mask="r" fsuid=106 ouid=0
  type=AVC msg=audit(1741370794.968:9963562): apparmor="DENIED" operation="open" profile="rsyslogd" name="/var/" pid=67348 comm="in:imfile" requested_mask="r" denied_mask="r" fsuid=106 ouid=0
  type=AVC msg=audit(1741370794.968:9963563): apparmor="DENIED" operation="open" profile="rsyslogd" name="/var/log/" pid=67348 comm="in:imfile" requested_mask="r" denied_mask="r" fsuid=106 ouid=0

  As a small fix, I had to add the following lines into the rsyslogd
  apparmor configuration file :

  / r,
  /var r,
  /var/** r,

  Could it be a possible bug ?

  Behaviour detected on Ubuntu 22.04
  rsyslog package : 8.2406.0-1ubuntu2

  Behaviour expected : No DENIED apparmor actions when using the imfile
  module.

  Thanks !

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/2101180/+subscriptions