apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/run/systemd/sessions/"
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
rsyslog (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Noble |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
There is an AppArmor regression in current noble. In cockpit we recently started to test on noble (to prevent the "major regressions after release" fiasco from 23.10 again).
For some weird reason, rsyslog is installed *by default* [1] in the cloud images. That is a rather pointless waste of CPU and disk space, as it's an unnecessary running daemon and duplicates all the written logs.
But more specifically, we noticed [2] an AppArmor rejection. Reproducer is simple:
logger -p user.emerg --tag check-journal EMERGENCY_MESSAGE
this causes
type=1400 audit(171016873
Note that it doesn't actually fail, the "EMERGENCY_MESSAGE" does appear in the journal and also in /var/log/syslog. But it's some noise that triggers our (and presumbly other admin's) log detectors.
rsyslog 8.2312.0-3ubuntu3
apparmor 4.0.0~alpha4-
[1] https:/
[2] https:/
Status changed to 'Confirmed' because the bug affects multiple users.