Ubuntu
rsyslog package

apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/run/systemd/sessions/"

Bug #2056768 reported by Martin Pitt
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
rsyslog (Ubuntu)
Confirmed
Undecided
Unassigned
Noble
Confirmed
Undecided
Unassigned

Bug Description

There is an AppArmor regression in current noble. In cockpit we recently started to test on noble (to prevent the "major regressions after release" fiasco from 23.10 again).

For some weird reason, rsyslog is installed *by default* [1] in the cloud images. That is a rather pointless waste of CPU and disk space, as it's an unnecessary running daemon and duplicates all the written logs.

But more specifically, we noticed [2] an AppArmor rejection. Reproducer is simple:

    logger -p user.emerg --tag check-journal EMERGENCY_MESSAGE

this causes

    type=1400 audit(1710168739.345:108): apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/run/systemd/sessions/" pid=714 comm=72733A6D61696E20513A526567 requested_mask="r" denied_mask="r" fsuid=102 ouid=0

Note that it doesn't actually fail, the "EMERGENCY_MESSAGE" does appear in the journal and also in /var/log/syslog. But it's some noise that triggers our (and presumbly other admin's) log detectors.

rsyslog 8.2312.0-3ubuntu3
apparmor 4.0.0~alpha4-0ubuntu1

[1] https://cloud-images.ubuntu.com/daily/server/noble/current/noble-server-cloudimg-amd64.manifest
[2] https://cockpit-logs.us-east-1.linodeobjects.com/pull-6048-20240311-125838-b465e9b2-ubuntu-stable-other-cockpit-project-cockpit/log.html#118

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in rsyslog (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.