apparmor profile prevents syslog-ng startup (fix included)
Bug #1739909 reported by
nyronium
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor Profiles |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Tested on gentoo, syslog-ng-3.13.2, apparmor-
The apparmor-profile for syslog-ng prevents syslog-ng from accessing /dev/kmsg, which in turn leads to a failure when starting the daemon. This occurs when using a source similar to this one:
source kernsrc {
};
Even though the file should be accessed through /proc/kmsg, syslog-ng checks some conditions on /dev/kmsg before proceeding (checked with strace). As this file is not allowed to be read by the apparmor profile, syslog-ng fails to start.
To fix this issue, simply add this permissions line to the apparmor profile:
/dev/kmsg r,
To post a comment you must log in.
Thanks, I'll get this checked into apparmor for 2.11.2