Apparmor prevents reading /run/utmp

Bug #1366261 reported by Simon Déziel on 2014-09-06
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
rsyslog (Ubuntu)
Undecided
Unassigned

Bug Description

The AA profile of rsyslog prevents it from reading /run/utmp when "ulimit -l" is reached by another process.

Steps to reproduce:

1) Enable AA profile of rsyslog
rm /etc/apparmor.d/disable/usr.sbin.rsyslogd
apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.rsyslogd
2) Setup openvpn using large certs and using --mlock
3) Start OpenVPN and notice errors like those:

Sep 6 00:19:22 jupiter kernel: [ 4048.714972] type=1400 audit(1409977162.226:41): apparmor="DENIED" operation="open" profile="/usr/sbin/rsyslogd" name="/run/utmp" pid=4181 comm=72733A6D61696E20513A526567 requested_mask="r" denied_mask="r" fsuid=101 ouid=0
Sep 6 00:24:03 jupiter kernel: [ 4330.456007] type=1400 audit(1409977443.978:46): apparmor="DENIED" operation="file_lock" profile="/usr/sbin/rsyslogd" name="/run/utmp" pid=6844 comm=72733A6D61696E20513A526567 requested_mask="k" denied_mask="k" fsuid=101 ouid=0

A workaround is to add "/run/utmp rk," to rsyslog's profile.

# lsb_release -rd
Description: Ubuntu 14.04.1 LTS
Release: 14.04
# apt-cache policy rsyslog
rsyslog:
  Installed: 7.4.4-1ubuntu2.1
  Candidate: 7.4.4-1ubuntu2.1
  Version table:
 *** 7.4.4-1ubuntu2.1 0
        500 http://archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     7.4.4-1ubuntu2 0
        500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: rsyslog 7.4.4-1ubuntu2.1
ProcVersionSignature: Ubuntu 3.13.0-36.63-generic 3.13.11.6
Uname: Linux 3.13.0-36-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.4
Architecture: amd64
CurrentDesktop: Unity
Date: Sat Sep 6 00:24:53 2014
InstallationDate: Installed on 2014-01-26 (222 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140124)
SourcePackage: rsyslog
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.logcheck.ignore.d.server.rsyslog: [deleted]

Simon Déziel (sdeziel) wrote :
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package rsyslog - 7.4.4-1ubuntu10

---------------
rsyslog (7.4.4-1ubuntu10) utopic; urgency=medium

  * debian/usr.sbin.rsyslog: allow 'rk' to /run/utmp (LP: #1366261)
 -- Jamie Strandboge <email address hidden> Tue, 09 Sep 2014 10:26:20 -0500

Changed in rsyslog (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers