16.04 apparmor, aa-logprof and log files

Bug #1669254 reported by sles
This bug affects 1 person
Affects            Status  Importance  Assigned to  Milestone
AppArmor           New     Undecided   Unassigned
apparmor (Ubuntu)  New     Undecided   Unassigned

Bug Description

First of all I'd like to say that by default

/etc/apparmor/logprof.conf

contains

 logfiles = /var/log/audit/audit.log /var/log/syslog /var/log/messages

from which only syslog exists in 16.04.

And there is kern.log, which seems to be better suited for reading apparmor kernel messages.

Why not change this in the distribution?

Thank you!

Tags: aa-tools
Seth Arnold (seth-arnold) wrote :

Hi sles; thanks for the bug report.

On systems with auditd installed, the /var/log/audit/audit.log file is used.

AppArmor's dbus mediation is managed through dbus itself. Its logs would not go into the kern.log file.

It might be about time to remove /var/log/messages; at least I don't have it on my last 12.04 LTS precise system, so it hasn't been used in Ubuntu in a while; but it may still be used on other distributions.

Thanks

Christian Boltz (cboltz) wrote :

openSUSE still has /var/log/messages - at least if you install one of the "normal" syslog daemons (syslogd, syslog-ng or rsyslog) instead of relying on journald ;-)

OTOH, openSUSE never had /var/log/syslog

Christian Boltz (cboltz)
tags: added: aa-tools
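
To see how the configured list plays out on a given host, the following added example (not part of the bug report and not AppArmor's own code) parses the logfiles line quoted in the description, reports which candidates exist, and counts AppArmor audit records in each. It assumes the tools read the first listed file that exists; the function names and the sample log line are constructed for illustration.

```python
import os, re, tempfile

# The logfiles line quoted in the bug description, inside a [settings] section.
CONF = "[settings]\n  logfiles = /var/log/audit/audit.log /var/log/syslog /var/log/messages\n"
# Constructed kernel audit line for the demo, not taken from a real system.
DENIAL = ('Mar  2 10:00:00 host kernel: audit: type=1400 audit(1488448800.000:42): '
          'apparmor="DENIED" operation="open" profile="/usr/bin/example" '
          'name="/etc/example.conf" pid=1234 comm="example"\n')
AA_EVENT = re.compile(r'apparmor="[A-Z]+"')  # e.g. apparmor="DENIED"

def parse_logfiles(conf_text):
    """Return the paths listed on the 'logfiles =' line, ignoring comments."""
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        key, sep, value = line.partition("=")
        if sep and key.strip() == "logfiles":
            return value.split()
    return []

def survey(paths, root="/"):
    """Return (path, exists, apparmor_event_count) for each candidate log file."""
    report = []
    for path in paths:
        real = os.path.join(root, path.lstrip("/"))
        hits = 0
        if os.path.isfile(real):
            with open(real, errors="replace") as fh:
                hits = sum(1 for line in fh if AA_EVENT.search(line))
        report.append((path, os.path.isfile(real), hits))
    return report

def first_existing(report):
    """Assumption: the first listed file that exists is the one that gets read."""
    return next((path for path, exists, _ in report if exists), None)

def demo():
    """Survey a constructed tree that, like 16.04, has only syslog and kern.log."""
    with tempfile.TemporaryDirectory() as root:
        logdir = os.path.join(root, "var", "log")
        os.makedirs(logdir)
        for name in ("syslog", "kern.log"):
            with open(os.path.join(logdir, name), "w") as fh:
                fh.write(DENIAL)
        return survey(parse_logfiles(CONF), root)

if __name__ == "__main__":
    report = demo()
    for path, exists, hits in report:
        print(f"{path}: {'present' if exists else 'missing'}, {hits} AppArmor events")
    print("first existing:", first_existing(report))
```

On a real host, call `survey(parse_logfiles(open("/etc/apparmor/logprof.conf").read()))` with sufficient privileges to read the logs.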