AppArmor profile prevents use of TLS keys and certificates
Bug #2072702 reported by
Orion-cora
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
rsyslog (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
I'm trying to use the following configuration:
# certificate files
$DefaultNetstre
$DefaultNetstre
$DefaultNetstre
But AppArmor prevents the loading of /etc/ipa/ca.crt and the key file.
I think rsyslog-gnutls should allow reading the key file.
But perhaps /etc/ipa/ca.crt needs to be added to /etc/apparmor.
Version 8.2312.0-3ubuntu9
To post a comment you must log in.
@Orion, /etc/ipa isn't a standard location. I think you'd be better off either adding a local override in /etc/apparmor. d/local/ usr.sbin. rsyslogd or maybe put the CA file somewhere under /etc/rsyslog.d/. The later path is already something the rsyslogd profile allows reading.