Apparmor prevents reading /run/utmp
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
rsyslog (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
The AA profile of rsyslog prevents it from reading /run/utmp when "ulimit -l" is reached by another process.
Steps to reproduce:
1) Enable AA profile of rsyslog
rm /etc/apparmor.
apparmor_parser -r -T -W /etc/apparmor.
2) Set up openvpn using large certs and using --mlock
3) Start OpenVPN and notice errors like those:
Sep 6 00:19:22 jupiter kernel: [ 4048.714972] type=1400 audit(140997716
Sep 6 00:24:03 jupiter kernel: [ 4330.456007] type=1400 audit(140997744
A workaround is to add "/run/utmp rk," to rsyslog's profile.
# lsb_release -rd
Description: Ubuntu 14.04.1 LTS
Release: 14.04
# apt-cache policy rsyslog
rsyslog:
Installed: 7.4.4-1ubuntu2.1
Candidate: 7.4.4-1ubuntu2.1
Version table:
*** 7.4.4-1ubuntu2.1 0
500 http://
100 /var/lib/
7.4.4-1ubuntu2 0
500 http://
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: rsyslog 7.4.4-1ubuntu2.1
ProcVersionSign
Uname: Linux 3.13.0-36-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.4
Architecture: amd64
CurrentDesktop: Unity
Date: Sat Sep 6 00:24:53 2014
InstallationDate: Installed on 2014-01-26 (222 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140124)
SourcePackage: rsyslog
UpgradeStatus: No upgrade log present (probably fresh install)
modified.
This bug was fixed in the package rsyslog - 7.4.4-1ubuntu10
---------------
rsyslog (7.4.4-1ubuntu10) utopic; urgency=medium
* debian/ usr.sbin. rsyslog: allow 'rk' to /run/utmp (LP: #1366261)
-- Jamie Strandboge <email address hidden> Tue, 09 Sep 2014 10:26:20 -0500
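
An added example, not part of the original bug report or the rsyslog package: a small parser that turns AppArmor `DENIED` audit lines for one profile into candidate file rules such as the `/run/utmp rk,` workaround above. The sample log lines are constructed (the page's own lines are truncated), and the profile name `/usr/sbin/rsyslogd`, the operations, and the second profile are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the kernel's AppArmor audit format; hosts, PIDs,
# timestamps and the "/usr/sbin/example" profile are made up for illustration.
SAMPLE_LOG = '''\
Sep  6 00:19:22 host kernel: [ 4048.7] type=1400 audit(1400000000.100:41): apparmor="DENIED" operation="open" profile="/usr/sbin/rsyslogd" name="/run/utmp" pid=900 comm="rsyslogd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep  6 00:24:03 host kernel: [ 4330.4] type=1400 audit(1400000281.200:42): apparmor="DENIED" operation="file_lock" profile="/usr/sbin/rsyslogd" name="/run/utmp" pid=900 comm="rsyslogd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0
Sep  6 00:24:05 host kernel: [ 4332.0] type=1400 audit(1400000283.300:43): apparmor="DENIED" operation="open" profile="/usr/sbin/example" name="/etc/example.conf" pid=901 comm="example" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep  6 00:24:06 host kernel: [ 4333.0] type=1400 audit(1400000284.400:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/rsyslogd" pid=902 comm="apparmor_parser"
'''

KV = re.compile(r'(\w+)="([^"]*)"')   # key="value" pairs in an audit record
ORDER = "rwalkmx"                      # file permissions used in profile rules
FOLD = {"c": "w", "d": "w"}            # create/delete denials are covered by 'w'


def denied_rules(log_text, profile):
    """Return {path: perms} for file denials logged against `profile`."""
    masks = defaultdict(set)
    for line in log_text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue                   # skip STATUS/ALLOWED and unrelated lines
        fields = dict(KV.findall(line))
        if fields.get("profile") != profile or "name" not in fields:
            continue                   # other profiles, or non-file denials
        for ch in fields.get("denied_mask", ""):
            masks[fields["name"]].add(FOLD.get(ch, ch))
    rules = {}
    for path, perms in masks.items():
        known = sorted(perms & set(ORDER), key=ORDER.index)
        if known:
            rules[path] = "".join(known)
    return rules


def as_profile_lines(rules):
    """Format the aggregated denials as AppArmor file rules."""
    return [f"  {path} {perms}," for path, perms in sorted(rules.items())]


if __name__ == "__main__":
    for rule in as_profile_lines(denied_rules(SAMPLE_LOG, "/usr/sbin/rsyslogd")):
        print(rule)
```

Each suggested line should be reviewed before it goes into the profile, since a denial can also reflect behaviour the profile is meant to block.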