Ubuntu
rsyslog package

apparmor profile denies access to /run/utmp

Bug #1100060 reported by Simon Déziel
This bug report is a duplicate of:  Bug #1366261: Apparmor prevents reading /run/utmp. Edit Remove
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
rsyslog (Ubuntu)
New
Undecided
Unassigned

Bug Description

The Apparmor profile of rsyslogd, when enabled, prevents the daemon from reading /run/utmp:

Jan 15 16:59:53 log kernel: [15515.765872] type=1400 audit(1358287193.318:13): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/rsyslogd" name="/run/utmp" pid=592 comm=72733A6D61696E20513A526567 requested_mask="r" denied_mask="r" fsuid=101 ouid=0

This is the first time I see this denial since I enabled the profile many months ago. The easy fix seems to simply include the "wutmp" abstraction to the profile.

The only thing I can see that could have triggered this, is the *heavy* IO load of the underlying hypervisor powering this VM. Other VMs on the same hypervisor emitted "BUG: soft lockup - CPU#0 stuck for 39s! [flush-253:0:734]" at the same second as the rsyslog apparmor denial.

$ lsb_release -rd
Description: Ubuntu 12.04.1 LTS
Release: 12.04

$ apt-cache policy rsyslog
rsyslog:
  Installed: 5.8.6-1ubuntu8
  Candidate: 5.8.6-1ubuntu8
  Version table:
 *** 5.8.6-1ubuntu8 0
        500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
        100 /var/lib/dpkg/status

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: rsyslog 5.8.6-1ubuntu8
ProcVersionSignature: Ubuntu 3.2.0-35.55-virtual 3.2.34
Uname: Linux 3.2.0-35-virtual x86_64
NonfreeKernelModules: xt_tcpudp xt_recent xt_owner xt_limit xt_conntrack nf_nat_ftp nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ftp ipt_MASQUERADE ipt_LOG iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 iptable_filter ip_tables ip6t_LOG ip6table_filter ip6_tables x_tables
ApportVersion: 2.0.1-0ubuntu17.1
Architecture: amd64
Date: Tue Jan 15 17:08:14 2013
MarkForUpload: True
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: rsyslog
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.rsyslog.conf: 2012-04-16T23:17:45.198820

Revision history for this message
Simon Déziel (sdeziel) wrote :
Revision history for this message
Simon Déziel (sdeziel) wrote :

Another intresting thing to note, apport-bug experienced a crash when reporting this bug:

root@log:~# apport-bug rsyslog

*** Collecting problem information

The collected information can be sent to the developers to improve the
application. This might take a few minutes.
..............
*** It seems you have modified the contents of "/etc/rsyslog.conf". Would you like to add the contents of it to your bug report?

What would you like to do? Your options are:
  Y: Yes
  N: No
  C: Cancel
Please choose (Y/N/C): y
ERROR: hook /usr/share/apport/general-hooks/ubuntu.py crashed:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/apport/report.py", line 719, in add_hooks_info
    symb['add_info'](self, ui)
  File "/usr/share/apport/general-hooks/ubuntu.py", line 144, in add_info
    stderr=subprocess.STDOUT) == 0:
  File "/usr/lib/python2.7/subprocess.py", line 493, in call
    return Popen(*popenargs, **kwargs).wait()
  File "/usr/lib/python2.7/subprocess.py", line 679, in __init__
    errread, errwrite)
  File "/usr/lib/python2.7/subprocess.py", line 1249, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory
..

The bug report continued apparently normally but some bug attachments seem to be missing.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.