[bionic] apparmor denial for rsyslog modules in multiarch directory and pidfile
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
rsyslog (Ubuntu) |
Fix Released
|
High
|
Jamie Strandboge |
Bug Description
With the new bionic upload, when the apparmor profile is enabled, rsyslog fails to start (and causes upgrade issues) due to:
AVC apparmor="DENIED" operation=
The profile has this rule:
/usr/
but the new upload puts modules in /usr/lib/
/usr/
Fixing that reveals this denial:
AVC apparmor="DENIED" operation="mknod" profile=
So we need to adjust this:
/{,var/
to be:
/{,var/
description: | updated |
description: | updated |
summary: |
- [bionic] apparmor denial for rsyslog modules in multiarch directory + [bionic] apparmor denial for rsyslog modules in multiarch directory and + pidfile |
description: | updated |
tags: | added: apparmor |
Changed in rsyslog (Ubuntu): | |
status: | In Progress → Fix Committed |
This bug was fixed in the package rsyslog - 8.32.0-1ubuntu4
---------------
rsyslog (8.32.0-1ubuntu4) bionic; urgency=medium
[ Jamie Strandboge ] usr.sbin. rsyslogd: updates for bionic (LP: #1766600)
* debian/
- allow rsyslog modules in multiarch directories
- allow writing temporary pidfile
[ Dimitri John Ledkov ]
* Tolerate installing rsyslog, on systems without systemd installed. LP:
#1766574
-- Dimitri John Ledkov <email address hidden> Tue, 24 Apr 2018 15:47:41 +0100