apparmor profile prevents syslog-ng startup (fix included)
Bug #1739909 reported by
nyronium
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| AppArmor Profiles |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Tested on gentoo, syslog-ng-3.13.2, apparmor-
The apparmor-profile for syslog-ng prevents syslog-ng from accessing /dev/kmsg, which in turn leads to a failure when starting the daemon. This occurs when using a source similar to this one:
source kernsrc {
};
Even though the file should be accessed through /proc/kmsg, syslog-ng checks some conditions on /dev/kmsg before proceeding (checked with strace). As this file is not allowed to be read by the apparmor profile, syslog-ng fails to start.
To fix this issue, simply add this permissions line to the apparmor profile:
/dev/kmsg r,
Revision history for this message
| John Johansen (jjohansen) wrote | #1 |
Revision history for this message
| Tyler Hicks (tyhicks) wrote | #2 |
| Changed in apparmor-profiles: | |
| status: | New → Fix Released |
To post a comment you must log in.
Thanks, I'll get this checked into apparmor for 2.11.2