Cannot send message to systemd-journald

Bug #1615262 reported by Mark Shuttleworth
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Snappy
Fix Released
Medium
Jamie Strandboge

Bug Description

Am seeing these in syslog with a snap in development:

kernel: [724315.080821] audit: type=1400 audit(1471715344.073:5025): apparmor="DENIED" operation="sendmsg" profile="snap.XXX" name="/run/systemd/journal/socket" pid=16971 comm="XXX" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0
kernel: [724331.038037] audit: type=1400 audit(1471715360.029:5026): apparmor="DENIED" operation="sendmsg" profile="snap.XXX.YYY" name="/run/systemd/journal/socket" pid=16987 comm="YYY" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0

I think all that is required is an interface which adds the ability to sendmsg to the systemd-journald socket.

Zygmunt Krynicki (zyga)
Changed in snappy:
status: New → Triaged
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This can probably simply be added to the log-observe interface, but I'll investigate and determine the appropriate place.

Changed in snappy:
assignee: nobody → Jamie Strandboge (jdstrand)
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Oh, this is actually writing to the log, not observing it, so probably should add to the default template (we already allow writing to /dev/log).

Revision history for this message
Mark Shuttleworth (sabdfl) wrote : Re: [Bug 1615262] Re: Cannot send message to systemd-journald

Thanks Jamie, I would be happy with it being a small additional
interface ('system-log' or similar) if you choose that approach, too.

Mark

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

FYI, /run/systemd/journal/socket is the equivalent of /dev/log but for the native systemd journal API and as such, write access should be included by default just like /dev/log is.

Changed in snappy:
importance: Undecided → Medium
status: Triaged → In Progress
Changed in snappy:
milestone: none → 2.15
status: In Progress → Fix Committed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

2.20 fixes this issue.

Changed in snappy:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.